Fully 82 percent of organizations are unable to identify all devices connected to their network, and most have no clear delineation of who is primarily responsible for IoT security, a recent Forrester survey of 603 IT and line-of-business (LoB) decision-makers at enterprises in the U.S., U.K., Germany, France, Australia and New Zealand.
The survey, sponsored by ForeScout, also found that 77 percent of respondents agree that the increased usage of connected devices creates significant security challenges, and 76 percent said they’re rethinking their security strategies as a result.
“Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line,” ForeScout president and CEO Michael DeCesare said in a statement. “Securing IoT is not just a cyber security issue, it is a business issue, and operating at any risk level is too much.”
Fifty-four percent of respondents said they have anxiety about IoT security issues, but key barriers to investing in IoT security include budget constraints and skepticism among senior leadership.
Still, 82 percent of respondents expect their IoT security spend to increase over the next year or two, with 55 percent saying integration with existing security solutions is the the most important feature for any IoT security solution.
In the meantime, 40 percent of respondents are relying on legacy security solutions to protect IoT, and 59 percent said they’re willing to tolerate a medium to high risk level in relation to IoT security compliance requirements.
Need for Regulation
A separate Gemalto survey of 1,050 IT and business decision makers and 10,500 consumers found that 90 percent of consumers lack confidence in the security of IoT devices, and more than two thirds of consumers and almost 80 percent of organizations want governments to get involved in ensuring IoT security.
“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” Gemalto CTO for data protection Jason Hart said in a statement.
“With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber attacks can have on everyday lives, they now need to step up when it comes to IoT security,” Hart added. “Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”
Two thirds of consumers said their main fear is hackers taking controls of their devices, followed by their data being leaked (60 percent) and hackers accessing their personal information (54 percent).
And while 54 percent of consumers own at least one IoT device (an average of two), just 14 percent say they’re extremely knowledgeable regarding the security of IoT devices.
Still, the survey found that IoT device manufacturers and service providers on average spend just 11 percent of their total IoT budget on securing their IoT devices.
Two thirds of organizations say encryption is their main method of securing IoT assets, with 62 percent encrypting the data as soon as it reaches the IoT device, and 59 percent encrypting the data as it leaves the device.
Notably, 92 percent of companies reporting seeing an increase in sales or product usage after implementing IoT security measures.
“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart said. “Within this ecosystem, there are four groups involved — consumers, manufacturers, cloud service providers and third parties — all of which have a responsibility to protect the data.”
IoT devices, Hart added, are a portal to the wider network, and failing to protect them is like leaving your door wide open. “Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers,” he said.