itb-nz logo
Story image

Enterprise IoT devices underestimated and under-secured

Security and the Internet of Things (IoT) is an ongoing discussion, and new research highlights the perception of consumers and IT professionals varies greatly. Despite this, it's widely agreed that security and privacy needs to be a key focus of users and manufacturers.

According to the ISACA’s 2015 IT Risk/Reward Barometer, 64% of consumers are confident they can control the security on IoT devices they own.

However, only 22% of IT and cyber security professionals feel this same confidence about controlling who has access to information collected by IoT devices in their homes.

The global average estimated number of IoT devices in the home was six. Smart TVs topped the list of most wanted connected device to buy in the next 12 months, with wearable devices, such as smart watches and fitness trackers, also highly ranked.

The IoT for business-to-business use alone is expected to expand from 1.2 billion devices in 2015 to 5.4 billion connected devices worldwide by 2020, according to one estimate.

The ISACA survey highlights that a significant number of respondents believe IoT is underestimated and under-secured, and IT and cybersecurity professionals recognise IoT often flies below the radar and presents an invisible risk.

In fact, nearly half believe their IT department is not aware of all of their organisation’s connected devices - for instance, connected thermostats, TVs, fire alarms, and cars.

Furthermore, 73% estimate the likelihood of an organisation being hacked through an IoT device is medium or high, and 63% think the increasing use of IoT devices in the workplace has decreased employee privacy. 

“In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data,” says Christos Dimitriadis, international president of ISACA and group director of Information Security for INTRALOT.

“The rapid spread of connected devices is outpacing an organisation’s ability to manage it and to safeguard company and employee data,” he says.

However, the business risk of not embracing the IoT and falling behind competitors may well outweigh any potential cost of a cyberattack, although organisations need to manage the risk to achieve the most benefit, Dimitriadis says.

According to global cyber security and IT professionals surveyed, device manufacturers are falling short on this front.

Of those surveyed, 72% say they do not believe that manufacturers are implementing sufficient security measures in IoT devices.

A nearly equal proportion (73%) don’t think current security standards sufficiently address the IoT and believe that updates and/or new standards are needed.

Privacy is also an issue, with 84% saying device makers don’t make consumers sufficiently aware of the type of information the devices can collect.

ISACA’s consumer research suggests that consumers are likely to value businesses that can demonstrate their expertise in and commitment to cyber security best practices.

Globally, the majority of consumers say it is important that data security professionals hold a cyber security certification if they work at organisations with access to the consumers’ personal information.

“Device manufacturers should lead the charge on adopting an industry-wide security standard that addresses IoT security, and put in place rigorous security governance and professional development for their cyber security employees.

“ISACA’s research shows a direct connection between positive customer sentiment and companies that can demonstrate security credentials,” says Robert Clyde, international vice president of ISACA and managing director of Clyde Consulting LLC.

The ISACA has highlighted some ways enterprises can safely embrace IoT devices in the workplace to keep competitive advantage without becoming susceptible to breaches:

  • Ensure all workplace devices owned by organisation are updated regularly with security upgrades
  • Require all devices be wirelessly connected through the workplace guest network, rather than internal network
  • Provide cyber security training for all employees to demonstrate their awareness of best practices of cyber security and the different types of cyberattacks

When it comes to manufacturers of IoT devices, ISACA says there are various best practices to abide by:

  • Require all developers who build software to have appropriate performance-based cyber security certification, to ensure safe coding practices are being followed
  • Insist all social media sharing be opt-in
  • Encrypt all sensitive information, especially when connecting to Bluetooth-enabled devices
  • Build IoT devices that can be automatically updated with new security upgrades
Link image
The 5G network emulation solution that accelerates device workflow
Here's how to streamline your workflow across test domains including protocol, radio frequency (RF)/radio resource management, and functional and performance testing.More
Story image
COVID-19 crushes fingerprint reader market
However, the biometrics market is expected to regain momentum with alternatives already beginning to find their feet.More
Story image
How 'data gravity' centres can spell trouble for enterprises
In the not-too-distant past, data was created in a much more centralised place, and users and systems had far less access to it. Now, with digital data from social, analytics, mobile, cloud, IoT and more being created with both simultaneity and omnipresence, so much information is being collected that it’s forming a ‘centre of gravity’.More
Link image
The importance of data resilience in the current cybersecurity climate
Protecting an organisation's data is one of the most crucial functions of any CISO. Strategies should be in place where data is stored securely and cost-effectively.More
Story image
Procore looks to improve safety of A/NZ construction sites with latest offering
“2020 has underscored the importance of ensuring the health of construction workers and having the necessary digital tools to manage changing onsite quality and safety regulations."More
Story image
Video: 10 Minute IT Jams - Who is Tecala?
In this video, we speak to Tecala managing director Pieter DeGunst, who discusses the company's primary focuses, the solutions that it leverages, and the infrastructure and resources it has in the A/NZ market.More