Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

As IoT Grows, Confidence in Security Remains Low

Despite the growth in use and the need for security in the use of embedded devices (IoT), almost half of all businesses are unable to detect a breach in any of their devices. The situation is worse in the UK (it rises from 48% overall to almost 60%), even though the UK government introduced a code of practice for manufacturers and developers last year.

Despite the growth in use and the need for security in the use of embedded devices (IoT), almost half of all businesses are unable to detect a breach in any of their devices. The situation is worse in the UK (it rises from 48% overall to almost 60%), even though the UK government introduced a code of practice for manufacturers and developers last year.

The figures come from a Gemalto survey of 950 IT and business decision makers globally. Spending on securing IoT is growing (from 11% of IoT budget in 2017 to 13% now); and security awareness is high (90% believe it is a major consideration). Belief that IoT security is an ethical responsibility has grown from 4% a year ago to 14% now. But confidence in breach detection remains low.

Consumers are not impressed. Sixty-two percent believe that security must improve. Fifty-four percent fear a loss of privacy through connected devices, 51% are worried about hackers taking control over the devices, and 50% are worried about a lack of control over their personal data.

IoT security is hard to implement. Most people see government intervention as the best solution. Seventy-nine percent are calling for more robust guidelines on IoT security, while 59% want greater clarity on who is responsible for IoT security. “With no consistent regulation guiding the industry,” comments Jason Hart, CTO, data protection at Gemalto, “it’s no surprise the threats — and, in turn, vulnerability of businesses — are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

Any regulations will, however, need to be mandatory. The UK experience confirms the often-stated belief: if it isn’t a legal requirement, it won’t be done.

Gemalto believes that blockchain may be advantageous in securing the data coming out of embedded devices. Adoption of blockchain has doubled from 9% to 19% in the last 12 months. Twenty-three percent of the survey respondents believe that blockchain technology would be a solution for securing IoT devices, while 91% of the organizations that don’t currently use the technology are likely to consider it in the future.

“While it’s positive [organizations] are attempting to address [concerns] by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

However, neither the figures themselves nor the belief in blockchain as a solution are universally accepted. High-Tech Bridge is a firm that provides automated vulnerability scanning for internet-connected systems. Its CEO, Ilia Kolochenko, fears the figures underestimate the problem. “In my experience, less than 10% of European organizations have an up-to-date inventory of their IoT devices, let alone breach detection capacities. Shadow IoT, brought and implemented by employees, exacerbate the situation as corporate data starts being stored on unidentifiable and uncontrollable devices, often with backup in external storage locations or the cloud,” he told SecurityWeek in an emailed comment. 

Advertisement. Scroll to continue reading.

He also believes that the potential for blockchain and national regulations (such as GDPR to protect user data) as solutions is overestimated. “Blockchain technology by definition has nothing to do with many popular attack vectors on IoT devices. GDPR’s role is also questioned, as most of the careless IoT manufacturers are located far beyond EU jurisdiction and do not care about any judicial decisions of European courts against them.”

International regulation on the manufacture and use of IoT devices may be the best solution. But, comments Kolochenko, “Uniform regulation of the IoT market is a Utopia amid current geopolitical tensions in the technology sector. Nonetheless, governmental regulation of secure-by-design IoT is certainly a good idea and probably is the only way to make the IoT market more reliable.”

Related: Why It’s so Hard to Implement IoT Security 

Related: California IoT Cybersecurity Bill Signed into Law 

Related: Addressing IoT Device Security Head-on 

Related: The Path to Securing IoT Ecosystems Starts at the Network

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Hikvision patches CVE-2023-28808, a critical authentication bypass vulnerability that exposes video data stored on its Hybrid SAN and cluster storage products.

ICS/OT

As smart cities evolve with more and more integrated connected services, cybersecurity concerns will increase dramatically.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...