sb-as logo
Story image

Global report: 96% of businesses support govt regulations on IoT security

02 Nov 2017

 The lack of security mechanisms on IoT devices is causing concern for more than 90% of consumers, who say they don’t have confidence in their security.

A global survey released from Gemalto this week found that there is a strong sentiment from both businesses and consumers that governments should play some role in setting IoT security standards, with more than 96% of businesses and 90% of consumers supporting the statement.

According to the survey, 54% of respondents own an IoT device but only 14% believe they are knowledgeable about their devices’ security.

Two thirds of respondents are concerned that hackers could take control of their device. 60% are concerned about potential for data leaks and 54% are concerned about hackers accessing their personal information.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” explains Jason Hart, CTO, Data Protection at Gemalto. 

The support for better IoT device security may be strong amongst consumers; however manufacturers and service providers devote only 11% of their total IoT budget on securing their devices. In Australia, that drops to 10%.

While 50% adopt a security by design approach and 67% say encryption is their main method of securing IoT assets, they may need to invest of their budget into security.

However, 3% of Australian respondents don’t encrypt any data from IoT devices. 17% say they encrypt data, but they don’t know what that data is.

The benefits of putting strong security measures in place are clear, according to the report. 92% of companies see an increase in sales or product usage after deploying better security.

61% of businesses would like governments to apply regulations that make it clear who is actually responsible for IoT devices and data at each stage of its journey. 55% would like to see implications of non-compliance.

“With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption,” Hart adds.

Another issue businesses and consumers face is understanding IoT technology. The role of cloud service providers and IoT service providers are the top picks. Businesses say that their lack of expertise and skills (47%) and help speeding their IoT deployment (46%) were the two key reasons.

Businesses also admit that they don’t have full control over the data IoT products and services collect as it moves from partner to partner, leaving it partially unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart says. 

“Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”

Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
NordVPN upgrades infrastructure with launch of colocated servers
"The greatest advantage of having colocated servers is their complete ownership, which guarantees access only by our authorised people."More
Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More
Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
BlackBerry, Microsoft enter partnership for Teams integration
"Integrating BlackBerry AtHoc will ensure that any organisation managing critical events using Teams is able to contact, alert, and account for everyone within the organisation directly."More