Story image

Global report: 96% of businesses support govt regulations on IoT security

02 Nov 2017

 The lack of security mechanisms on IoT devices is causing concern for more than 90% of consumers, who say they don’t have confidence in their security.

A global survey released from Gemalto this week found that there is a strong sentiment from both businesses and consumers that governments should play some role in setting IoT security standards, with more than 96% of businesses and 90% of consumers supporting the statement.

According to the survey, 54% of respondents own an IoT device but only 14% believe they are knowledgeable about their devices’ security.

Two thirds of respondents are concerned that hackers could take control of their device. 60% are concerned about potential for data leaks and 54% are concerned about hackers accessing their personal information.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” explains Jason Hart, CTO, Data Protection at Gemalto. 

The support for better IoT device security may be strong amongst consumers; however manufacturers and service providers devote only 11% of their total IoT budget on securing their devices. In Australia, that drops to 10%.

While 50% adopt a security by design approach and 67% say encryption is their main method of securing IoT assets, they may need to invest of their budget into security.

However, 3% of Australian respondents don’t encrypt any data from IoT devices. 17% say they encrypt data, but they don’t know what that data is.

The benefits of putting strong security measures in place are clear, according to the report. 92% of companies see an increase in sales or product usage after deploying better security.

61% of businesses would like governments to apply regulations that make it clear who is actually responsible for IoT devices and data at each stage of its journey. 55% would like to see implications of non-compliance.

“With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption,” Hart adds.

Another issue businesses and consumers face is understanding IoT technology. The role of cloud service providers and IoT service providers are the top picks. Businesses say that their lack of expertise and skills (47%) and help speeding their IoT deployment (46%) were the two key reasons.

Businesses also admit that they don’t have full control over the data IoT products and services collect as it moves from partner to partner, leaving it partially unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart says. 

“Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.