Story image

Global report: 96% of businesses support govt regulations on IoT security

02 Nov 17

 The lack of security mechanisms on IoT devices is causing concern for more than 90% of consumers, who say they don’t have confidence in their security.

A global survey released from Gemalto this week found that there is a strong sentiment from both businesses and consumers that governments should play some role in setting IoT security standards, with more than 96% of businesses and 90% of consumers supporting the statement.

According to the survey, 54% of respondents own an IoT device but only 14% believe they are knowledgeable about their devices’ security.

Two thirds of respondents are concerned that hackers could take control of their device. 60% are concerned about potential for data leaks and 54% are concerned about hackers accessing their personal information.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” explains Jason Hart, CTO, Data Protection at Gemalto. 

The support for better IoT device security may be strong amongst consumers; however manufacturers and service providers devote only 11% of their total IoT budget on securing their devices. In Australia, that drops to 10%.

While 50% adopt a security by design approach and 67% say encryption is their main method of securing IoT assets, they may need to invest of their budget into security.

However, 3% of Australian respondents don’t encrypt any data from IoT devices. 17% say they encrypt data, but they don’t know what that data is.

The benefits of putting strong security measures in place are clear, according to the report. 92% of companies see an increase in sales or product usage after deploying better security.

61% of businesses would like governments to apply regulations that make it clear who is actually responsible for IoT devices and data at each stage of its journey. 55% would like to see implications of non-compliance.

“With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption,” Hart adds.

Another issue businesses and consumers face is understanding IoT technology. The role of cloud service providers and IoT service providers are the top picks. Businesses say that their lack of expertise and skills (47%) and help speeding their IoT deployment (46%) were the two key reasons.

Businesses also admit that they don’t have full control over the data IoT products and services collect as it moves from partner to partner, leaving it partially unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart says. 

“Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

IP theft: A global issue catching NZ businesses off guard
“We have this incredible record of innovation in New Zealand. But our innovative businesses haven’t always been meticulous in shoring up their IP."
Why A/NZ organisations need to improve compliance protocols
Only a mere 4% of IT decision makers and data managers surveyed said their organisation faced no data management challenges. 
What the people say - Gartner’s November Customers’ Choices
A roundup of the latest Gartner Peer Insight Customers’ Choices from Backup and Recovery to Business Intelligence and Analytics, and more.
BlackBerry buys out cybersecurity AI firm Cylance
“We are eager to leverage BlackBerry’s mobility and security strengths to adapt our advanced AI technology to deliver a single platform.”
Data protection is key to building customer trust
"New data compliance rules offer an opportunity for businesses to re-evaluate their processes and improve data management and customer loyalty."
NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."