Security issues hold back IoT growth

A survey of more than 7,000 IT professionals from global cyber security association ISACA suggests that a lack of clarity and standards around Internet of Things (IoT) security is leading to a lack of confidence.

According to the UK IT professionals surveyed for ISACA's 2015 IT Risk/Reward Barometer, 75% of the security experts polled say they do not believe device manufacturers are implementing sufficient security measures in IoT devices, and a further 73% say existing security standards in the industry do not sufficiently address IoT specific security concerns and new standards are needed.

Combined with the assertion from 56% of respondents that their organisation's IT department is not aware of all of its connected devices (e.g., connected thermostats, TVs, fire alarms, cars, etc.) these figures demonstrate significant risk.

The worldwide IoT is expected to expand from 1.2 billion devices in 2015 to 5.4 billion connected devices by 2020, according to one estimate.

"With the explosion in popularity and hype around the Internet of Things, it is proving difficult for manufacturers and organisations to keep up with the clear realities and implications for security the IoT represents.

"What is being created, along with the physical object like a thermostat, smartwatch or connected alarm system, are the countless entry points that cyberattackers can use to access personal information and corporate data," said Ramsés Gallego, past international vice president of ISACA.

"The rapid spread of connected devices is outpacing an organisation's ability to manage it and to safeguard company and employee data. We need to change that so we can reap the many benefits of the IoT."

Some 41% of the IT professionals surveyed say the most significant security concern for enterprises related to the IoT lies in device vulnerabilities, and there is a good chance of a company being hacked through an IoT device (64% put the risk likelihood at medium/high).

With 62% expecting a cyberattack in the next 12 months, and only 51% confident they are prepared for such an event, the responses raise questions about how organisations can achieve the many benefits of IoT while managing the risk-particularly since 68% of UK IT profession als say organisations of all sizes are equally at risk.

However, there is good news too: 34% say they have achieved greater access to information as a result of the IoT, and 29% say IoT has improved services at their organisation.

The survey report notes that business risk of not embracing the IoT and falling behind competitors may well outweigh any potential cost of a cyberattack, and organisations need to manage the risk to achieve the most benefit.

 

Related Topics

Share this story

Like