With the number of connected devices set to top 20 billion by 2023, their potential for transforming business is great. However, with this increased connectivity inevitably comes a potential IoT security risk.
Despite the UK Government introducing the Internet of Things (IoT) security code of practice for manufacturers and developers last year, many businesses are not adequately prepared for the event of an IoT hack, research has found.
Surveying 950 IT and business decision makers globally, digital security company Gemalto found that a worrying number would not be able to detect whether any of their IoT devices had been breached.
Spending on protection for IoT devices has grown from 11% of IoT budget in 2017 to 13% in 2018, but the majority are not confident in their ability to spot a threat.
The study revealed that just over four in ten UK organisations thought they would be able to detect when any of their IoT devices have been breached – the second lowest in Europe after France.
Why is IoT security so important?
With many new IoT devices being rolled out at a rapid rate, in turn increasing the volume of data being shared between connected devices, there are now thought to be more connected devices than there are people on the planet.
Security is often an afterthought, making them a target for hackers. IoT devices are often not equipped with the same level of protection from hackers as other connected devices such as smartphones or computers, making them a vulnerability on a network.
Many consumers are unaware of the risks of insecure IoT devices, and do not exercise the same level of caution as they would when ensuring computers have the latest antivirus software. In fact, 15% of IoT devices still have the default password.
Furthermore, as an increasing number of everyday items become connected, devices such as smart cars mean that more is at stake if something goes wrong, with attackers potentially able to remotely control vehicles, numerous household gadgets, and even power plants.
Customers are concerned
These weaknesses have been noted by consumers, with 62% believing that security in the IoT industry needs to improve. When it comes to the biggest areas of concern 54% fear a lack of privacy because of connected devices, followed closely by unauthorised parties like hackers controlling devices.
Despite the fact that many governments have already brought in or announced the introduction of regulations specific to IoT security, 95% of businesses believe there should be uniform regulations in place and 79% are asking for more robust guidelines on IoT security.
Jason Hart, CTO of Data Protection at Gemalto believes that the industry has been too slow to regulate:
“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached. With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”
Others have looked to a more technological solution as the industry seeks ways to address the issues itself in the place of regulation. Blockchain has emerged as a potential solution for securing IoT devices, with a quarter of respondents believing that blockchain technology would be an ideal solution.
In the meantime, businesses continue to use other methods to protect themselves against cybercriminals, with 71% encrypting their data. Password protection and two-factor authentication also remain prominent.
Hart believes that by rushing to bring new devices to market, companies risk their cybersecurity:
“The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices. At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.
“With IoT devices continuing to immerse themselves deep within organisations’ networks, it’s frightening to see that so many UK businesses don’t know if and when these devices have been breached. Although the UK’s new Code of Practice is a great first step toward securing the IoT, it won’t truly be effective until these are made mandatory and all organisations are forced to adhere to them. Only once every device, new and old, is given these same standards will the UK see a decrease in successful attacks.”