News recently emerged of a new botnet, dubbed Reaper, that has infected thousands of webcams, security cameras and DVRs. Although it was later reported not to be quite as widespread as initially believed, the news was still a reminder of the persisting security issues with IoT.
A recent Gemalto survey (registration required) shed some light on where those issues currently stand. According to the survey, an overwhelming 90% of consumers lack confidence in the security of IoT devices. Their most common fear (65% of respondents) is that a hacker could gain control of their devices, while 60% worry about their data being stolen via connected devices. In spite of such concerns, over 50% of consumers now own an IoT device (on average two), but only 14% believe they are extremely knowledgeable when it comes to the security of these devices.
So, how are IoT companies addressing these concerns? The survey found that IoT device manufacturers and service providers spend just 11% of their total IoT budget on securing their IoT devices. These companies do, however, appear to recognize the importance of protecting devices and the data they generate or transfer, with 50% of companies reportedly having adopted a security-by-design approach.
Two-thirds of organizations reported that encryption is their primary method of securing IoT assets, with 62% encrypting the data as soon as it reaches their IoT device and 59% encrypting as it leaves the device. Encouragingly, 92% of companies said they see an increase in sales or product usage after IoT security measures have been implemented. Also encouraging, businesses are realizing that they need support in understanding IoT technology and are turning to partners for help, with cloud service providers (52%) and IoT service providers (50%) reported as the favored options.
While these partnerships may encourage adoption, most organizations (67%) admitted they don’t have complete control over the data that IoT products or services collect as it moves from partner to partner, potentially leaving it unprotected.
Stakeholders on all sides are looking to the government for guidance. The survey found that almost every business organization (96%) and consumer (90%) is looking for government-enforced IoT security regulation.
As long as hackers continue to exploit gaps in the IoT ecosystem, both consumers and businesses are justified in their lack of confidence in service providers and device manufacturers. The EU’s recent GDPR law showed that other governments are now recognizing the importance of this issue, and that effective legislation is possible. In the meantime, each of the groups involved in the IoT ecosystem — manufacturers, cloud service providers and third parties — should continue to adopt security by design in order to mitigate the risk.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.