Story image

Global report: 96% of businesses support govt regulations on IoT security

02 Nov 17

 The lack of security mechanisms on IoT devices is causing concern for more than 90% of consumers, who say they don’t have confidence in their security.

A global survey released from Gemalto this week found that there is a strong sentiment from both businesses and consumers that governments should play some role in setting IoT security standards, with more than 96% of businesses and 90% of consumers supporting the statement.

According to the survey, 54% of respondents own an IoT device but only 14% believe they are knowledgeable about their devices’ security.

Two thirds of respondents are concerned that hackers could take control of their device. 60% are concerned about potential for data leaks and 54% are concerned about hackers accessing their personal information.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” explains Jason Hart, CTO, Data Protection at Gemalto. 

The support for better IoT device security may be strong amongst consumers; however manufacturers and service providers devote only 11% of their total IoT budget on securing their devices. In Australia, that drops to 10%.

While 50% adopt a security by design approach and 67% say encryption is their main method of securing IoT assets, they may need to invest of their budget into security.

However, 3% of Australian respondents don’t encrypt any data from IoT devices. 17% say they encrypt data, but they don’t know what that data is.

The benefits of putting strong security measures in place are clear, according to the report. 92% of companies see an increase in sales or product usage after deploying better security.

61% of businesses would like governments to apply regulations that make it clear who is actually responsible for IoT devices and data at each stage of its journey. 55% would like to see implications of non-compliance.

“With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption,” Hart adds.

Another issue businesses and consumers face is understanding IoT technology. The role of cloud service providers and IoT service providers are the top picks. Businesses say that their lack of expertise and skills (47%) and help speeding their IoT deployment (46%) were the two key reasons.

Businesses also admit that they don’t have full control over the data IoT products and services collect as it moves from partner to partner, leaving it partially unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart says. 

“Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Updated: Chch crypto-exchange Cryptopia suffers breach
Cryptopia has reportedly experienced a security breach that has taken the entire platform offline – and resulted in ‘significant losses’.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.