SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Global report: 96% of businesses support govt regulations on IoT security
Thu, 2nd Nov 2017

The lack of security mechanisms on IoT devices is causing concern for more than 90% of consumers, who say they don't have confidence in their security.

A global survey released by Gemalto this week found strong sentiment among both businesses and consumers that governments should play some role in setting IoT security standards, with more than 96% of businesses and 90% of consumers supporting the statement.

According to the survey, 54% of respondents own an IoT device but only 14% believe they are knowledgeable about their devices' security.

Two thirds of respondents are concerned that hackers could take control of their device. 60% are concerned about potential for data leaks and 54% are concerned about hackers accessing their personal information.

“It's clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” explains Jason Hart, CTO, Data Protection at Gemalto.

Support for better IoT device security may be strong amongst consumers; however, manufacturers and service providers devote only 11% of their total IoT budget to securing their devices. In Australia, that drops to 10%.

While 50% adopt a security by design approach and 67% say encryption is their main method of securing IoT assets, they may need to invest more of their budget in security.

However, 3% of Australian respondents don't encrypt any data from IoT devices. 17% say they encrypt data, but they don't know what that data is.

The benefits of putting strong security measures in place are clear, according to the report. 92% of companies see an increase in sales or product usage after deploying better security.

61% of businesses would like governments to apply regulations that make it clear who is actually responsible for IoT devices and data at each stage of its journey. 55% would like to see implications of non-compliance.

“With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won't see mainstream adoption,” Hart adds.

Another issue businesses and consumers face is understanding IoT technology. The role of cloud service providers and IoT service providers are the top picks. Businesses say that their lack of expertise and skills (47%) and help speeding their IoT deployment (46%) were the two key reasons.

Businesses also admit that they don't have full control over the data IoT products and services collect as it moves from partner to partner, leaving it partially unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it's leading to gaps in the IoT ecosystem that hackers will exploit,” Hart says.

“Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”