Story image

IoT breaches: Nearly half of businesses still can’t detect them

16 Jan 2019

The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.

The company surveyed 950 IT and business decision makers around the world.

According to the study, almost half (48 percent) of businesses still can’t detect IoT device breaches. This is despite the survey revealing an increased focus on IoT security:

The allocation of IoT budgets for protection has risen from 11 percent in 2017 to 13 percent today

90 percent of companies believe it is a big consideration for customers

Almost three times as many now see IoT security as an ethical responsibility

According to Gemalto, companies are increasingly calling on governments to intervene with 79 percent demanding more robust guidelines on IoT security, and 50 percent seeking clarification on who is responsible for protecting IoT.

Despite the fact that many governments have already imposed or announced regulations specific to IoT security, 95 percent of businesses affirm there should be uniform regulations in place – which Gemalto asserts is also echoed by the clear majority of consumers.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” says Gemalto Data Protection CTO Jason Hart.

“With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

Gemalto says businesses are seeking government intervention as they perceive the process of securing connected devices and IoT services to be a mammoth task. This is particularly pronounced for data privacy (38 percent) and the collection of large amounts of data (34 percent).

The relentless growth in the amount of data and the protection obligations that comes with it appears to be an increasing headache for businesses, with only three in five of those using IoT and spending on IoT security actually encrypting all of their data.

62 percent of consumers are not impressed with the current proceedings and believe security needs to improve. When it comes to the biggest areas of concern, 54 percent fear a lack of privacy because of connected devices, trailed closely by unauthorised parties like hackers controlling devices (51 percent) and lack of control over personal data (50 percent).

A technology that is gaining in prominence as an IoT security tool, Gemalto says, is blockchain. The adoption of blockchain has more than doubled over the last year, from 9 percent to 19 percent.

Furthermore, 23 percent believe that blockchain technology would be an ideal tool to secure IoT devices, while 91 percent of organisations that aren’t currently using blockchain technologies are likely to consider it in the future.

In terms of methods businesses are using to protect themselves against cybercriminals, 71 percent encrypt their data, while password protection (66 percent) and two factor authentication (38 percent) remain prominent.

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” says Hart.

“But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.