Story image

Half of companies unable to detect IoT device breaches

16 Jan 2019

Gemalto has released a report that shows only around half (48%) of businesses can detect if any of their IoT devices suffer a breach.

This comes despite companies having an increased focus on IoT security:

  • Spending on protection has grown (from 11% of IoT budget in 2017 to 13% now);
  • Nearly all (90%) believing it is a big consideration for customers; and
  • Almost three times as many now see IoT security as an ethical responsibility (14%), compared to a year ago (4%)

With the number of connected devices set to top 20 billion by 2023, businesses must act quickly to ensure their IoT breach detection is as effective as possible.

Surveying 950 IT and business decision makers globally, Gemalto found that companies are calling on governments to intervene, with 79% asking for more robust guidelines on IoT security, and 59% seeking clarification on who is responsible for protecting IoT. 

Despite the fact that many governments have already enacted or announced the introduction of regulations specific to IoT security, most (95%) businesses believe there should be uniform regulations in place, a finding that is echoed by consumers.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” says Gemalto data protection CTO Jason Hart. 

“With no consistent regulation guiding the industry, it’s no surprise the threats - and, in turn, vulnerability of businesses - are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

With such a big task in hand, businesses are calling for governmental intervention because of the challenges they see in securing connected devices and IoT services. 

This is particularly mentioned for data privacy (38%) and the collection of large amounts of data (34%). Protecting an increasing amount of data is proving an issue, with only three in five (59%) of those using IoT and spending on IoT security, admitting they encrypt all of their data.

Consumers are clearly not impressed with the efforts of the IoT industry, with 62% believing security needs to improve. 

When it comes to the biggest areas of concern 54% fear a lack of privacy because of connected devices, followed closely by unauthorised parties like hackers controlling devices (51%) and lack of control over personal data (50%).

While the industry awaits regulation, it is seeking ways to address the issues itself, with blockchain emerging as a potential technology - adoption of blockchain has doubled from 9% to 19% in the last 12 months. 

What’s more, a quarter (23%) of respondents believe that blockchain technology would be an ideal solution to use for securing IoT devices, with 91% of organisations that don’t currently use the technology are likely to consider it in the future.

As blockchain technology finds its place in securing IoT devices, businesses continue to employ other methods to protect themselves against cybercriminals. 

The majority (71%) encrypt their data, while password protection (66%) and two-factor authentication (38%) remain prominent.

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” Hart adds.

“But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.