IoT security concerns are rising

At this point in time – the tail end of 2017 — it’s no secret that there can be challenges in securing IoT devices. More devices being IoT enabled means a more complex IoT ecosystem. In addition, more data is being collected than ever before and this data is being stored in various places. Confusion reigns.

According to a Gemalto survey released last month, an overwhelming 90 percent of consumers lack confidence in the security of IoT devices. Their most common fear (65 percent of respondents) is that a hacker could gain control of their devices, while 60 percent worry about their data being stolen via connected devices. In spite of such concerns, over 50 percent of consumers now own an IoT device (on average two) but only 14 percent believe that they are extremely knowledgeable when it comes to the security of these devices. 

How do businesses address these concerns? The survey found that IoT device manufacturers and service providers spend just 11 percent of their total IoT budget on securing their IoT devices. These companies do, however, appear to recognize the importance of protecting devices and the data they generate or transfer, with 50 percent of companies reportedly having adopted a “security-by-design” approach. 

Two-thirds of organizations reported that encryption is their primary method of securing IoT assets, with 62 percent encrypting the data as soon as it reaches their IoT device, and 59 percent encrypting as it leaves the device. Ninety two percent of these companies said they see an increase in sales or product usage after IoT security measures have been implemented. And encouragingly; businesses are realizing that they need support in understanding IoT technology and are turning to partners to help, with cloud service providers (52 percent) and IoT service providers (50 percent) reported as the favored options. 

While these partnerships may encourage adoption, most organizations (67 percent) admitted they don’t have complete control over the data that IoT products or services collect as it moves from partner to partner, potentially leaving it unprotected. Stakeholders on all sides are looking to the government for guidance. The survey found that almost every business organization (96 percent) and consumer (90 percent) is looking for government-enforced IoT security regulation. And when it comes to who is in the best position to protect IoT users’ data in the cloud, consumers are most likely (31%) to state that a well-established company that specializes in security would be in the best position to protect that data.

Regardless of how they feel about IoT, nine in ten (90%) decision makers think that IoT will be around for the long term and feel that it will become even more common in the future. This feeling is slightly less evident (69%) among consumer respondents. The difference in opinion could be due to a lack of awareness and exposure that consumers have had with IoT. Decision makers are more likely to have had the opportunity to use and monetize IoT in the workplace, seeing the benefits that can be reaped.

Additionally, over four in five (84%) consumers agree that the amount of data being collected via IoT makes privacy a challenge and 82% say that security is a personal consideration when using an IoT product. The vast majority of both respondent types see security as important, which should go some way to justifying that investment. However, nine in ten (90%) consumers expect IoT security to come as standard, rather than as something that they would have to look into or consider themselves. This leaves a dangerous gap in the security of devices. The level of security required for different IoT devices is also likely to vary, according to consumers. Over half believe that connected cars (54%) or smart cities (51%) require advanced levels of security, compared to under a quarter (23%) who think this about health and fitness devices. However, leaving any device unsecured is alarming, particularly as IoT devices require and capture more data than ever.

Both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices. IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until consumers and businesses increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers. Organizations must commit to their IoT journey to harness its full power. Investment in IoT security will be needed in order to do this and must continue to happen.