The rise and rise of the IoT is fuelling concerns about the threat of cyber attacks both in the home as well as in business. That was one of the findings of Gemalto's The State of IoT Security report which also revealed that more than two-thirds of consumers and almost 80% of organizations support governments getting involved in setting IoT security .
According to the survey, businesses are in favor of regulations to make it clear who is responsible for securing IoT devices and data at each stage of its journey (61%) and the implications of non- compliance (55%). In fact, almost every organization (96%) and consumer (90%) is looking for government-enforced IoT security regulation.
The survey also found that:
- Most organizations (96%) and consumers (90%) believe there is a need for IoT security regulations – and want government involvement
- A hacker controlling IoT devices is the most common concern for consumers (65%), while six in ten (60%) worry about their data being stolen
- More than two-thirds (67%) of businesses encrypt all data captured or stored via IoT devices
- 54% of consumers own an average of four IoT devices, but only 14% believe that they are knowledgeable on IoT device security
- 65% of consumers are concerned about a hacker controlling their IoT device, while 60% are concerned about data being leaked.
Investment in security
In terms of the level of investment in security, the survey found that IoT device manufacturers and service providers spend just 11% of their total IoT budget on security. The study found that these companies do recognize the importance of protecting devices and the data they generate or transfer with 50% of companies adopting a security by design approach. Two-thirds (67%) of organizations report encryption as their main method of securing IoT assets and 92% of companies have seen an increase in sales or product usage after implementing IoT security measures.
Security by design
"It's clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices," said Jason Hart, CTO, Data Protection at Gemalto. "With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won't see mainstream adoption."
Hart continued: "The lack of knowledge among both the business and consumer worlds is quite worrying and it's leading to gaps in the IoT ecosystem that hackers will exploit. Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. 'Security by design' is the most effective approach to mitigate against a breach."
For more on The State of IoT Security report and download a copy, visit: http://www2.gemalto.com/iot/index.html