A study by Gemalto has shown that only around half (48%) of
businesses can detect if any of their IoT devices suffers a breach.
While spending on protection has grown (from 11% of IoT
budget in 2017 to 13% now) and nearly all (90%) believing it is a big
consideration for customers, the survey of 950 IT and business decision makers
globally showed significant problems.
Gemalto found that companies are calling on governments to
intervene, with 79% asking for more robust guidelines on IoT security, and 59%
seeking clarification on who is responsible for protecting IoT. Despite the
fact that many governments have already enacted or announced the introduction
of regulations specific to IoT security, most (95%) businesses believe there
should be uniform regulations in place, a finding that is echoed by consumers - 95% expect IoT devices to be
governed by security regulations.
“Given the increase in the number of IoT-enabled devices,
it’s extremely worrying to see that businesses still can’t detect if they have
been breached,” said Jason Hart, CTO, Data Protection at Gemalto. “With
no consistent regulation guiding the industry, it’s no surprise the threats –
and, in turn, vulnerability of businesses – are increasing. This will only
continue unless governments step in now to help industry avoid losing control.”
Businesses are calling for governmental intervention because
of the challenges they see in securing connected devices and IoT services. This
is particularly mentioned for data privacy (38%) and the collection of large
amounts of data (34%). Protecting an increasing amount of data is proving an
issue, with only three in five (59%) of those using IoT and spending on IoT
security, admitting they encrypt all of their data.
Consumers believe security needs to improve (62%),
followed by privacy concerns (54%), control of devices by hackers (51%) and
lack of control over personal data (50%).
Gemalto sees blockchain emerging as a potential technology;
adoption of blockchain has doubled from 9% to 19% in the last 12 months, with a
quarter (23%) of respondents believe that blockchain technology would be an
ideal solution to use for securing IoT devices, with 91% of organisations that
don’t currently use the technology are likely to consider it in the future.
As blockchain technology finds its place in securing IoT
devices, businesses continue to employ other methods to protect themselves
against cybercriminals. The majority (71%) encrypt their data, while password
protection (66%) and two factor authentication (38%) remain prominent.
However web security company High-Tech Bridge sees that
figure as be too optimistic:
“I think the survey results are somewhat optimistic with almost a half of the European companies claiming to have IoT breach detection capacities,” said CEO Ilia Kolochenko. “ In my experience, less than 10% of European organizations have an up to date inventory of their IoT devices, let alone breach detection capacities. Shadow IoT, brought and implemented by employees, exacerbate the situation as corporate data starts being stored on unidentifiable and uncontrollable devices, often with backup in external storage locations or the cloud.”
Blockchain capacity to secure IoT is somewhat overestimated, she says, as the technology by definition has nothing to do with many popular attack vectors on IoT devices. GDPR's role is also questioned, as most of the careless IoT manufactures are located far beyond EU jurisdiction and do not care about any judicial decisions of European courts against them. Moreover, not every IoT is designed to store or process PII, thus making GDPR simply inapplicable.
“Uniform regulation of the IoT market is a Utopia amid current geopolitical tensions in the technology sector. Nonetheless, governmental regulation of secure-by-design IoT is certainly a good idea and probably is the only way to make the IoT market more reliable,” she said.
“I think the survey results are somewhat optimistic with almost a half of the European companies claiming to have IoT breach detection capacities,” said CEO Ilia Kolochenko. “ In my experience, less than 10% of European organizations have an up to date inventory of their IoT devices, let alone breach detection capacities. Shadow IoT, brought and implemented by employees, exacerbate the situation as corporate data starts being stored on unidentifiable and uncontrollable devices, often with backup in external storage locations or the cloud.”
Blockchain capacity to secure IoT is somewhat overestimated, she says, as the technology by definition has nothing to do with many popular attack vectors on IoT devices. GDPR's role is also questioned, as most of the careless IoT manufactures are located far beyond EU jurisdiction and do not care about any judicial decisions of European courts against them. Moreover, not every IoT is designed to store or process PII, thus making GDPR simply inapplicable.
“Uniform regulation of the IoT market is a Utopia amid current geopolitical tensions in the technology sector. Nonetheless, governmental regulation of secure-by-design IoT is certainly a good idea and probably is the only way to make the IoT market more reliable,” she said.
The State of State of IoT Security website
No comments:
Post a Comment