Mocana, a San Francisco based company that focuses on smart device security, recently released a study that tuned into the impact of security threats to non-PC devices.
Connected devices like smartphones, smartgrid components, Internet TVs, and medical and automobile electronics already outnumber PCs on the Internet by five to one.
According to Mocana’s 2011 Mobile and Smart Devices Security Survey, respondents showed substantially increased awareness of connected smart devices and the rapidly growing risks associated with them. Yet survey results indicate that in general, companies they aren’t properly prepared to handle device security breaches. Specifically, results of the survey suggest that companies don’t yet have the security tools or expertise in place to handle device security problems. Nevertheless, organizations seem to be going “full steam ahead” with device rollouts, anyway – which may dramatically increase the business, financial and liability impacts of future device security breaches.
According Symantec’s Internet Security Threat Report, released earlier this week, there has been a 42 percent increase in the number of reported new mobile operating system vulnerabilities over the past year.
“It’s more than a little risky,” Mocana CEO Adrian Turner said. “It’s a little bit like everyone in the country deciding to send five million kids to kindergarten without measles or polio immunizations – and just hoping for the best.”
Some highlights from Mocana’s Report:
• 71 percent of respondents said they were concerned about security of mobile phones.
• 64 percent said that attacks on smart devices already required the regular attention of their IT staff, or would this year.
• 63 percent said their organization had already deployed smart devices, despite these concerns.
• Fifty-four percent said security issues around non-PC devices had already caused disruption to their networks. But 51 percent said their organizations still did not regularly update or patch against device threats – on even a once-a-month basis.
“Securing the ‘Internet of Things’ is going to be challenging,” Turner said. “With products ranging from medical devices, office printers, smart phones and household appliances to smart grid utility meters, security cameras and industrial controls, there’s no ‘software box’ you can buy to protect them.” He continued, “Why? Device security is a tough nut to crack. Processor limitations, memory constraints, battery life and a slew of other idiosyncrasies particular to device environments make device security technically difficult. But with so many more devices than PCs on the Internet, it’s crucial. Now is the time to address smart device security head-on.”
Mocana conducted the survey by distributing the survey to thousands of professionals; a demographic mix heavily weighted towards information technology professionals, device manufacturers and embedded experts. They were asked a series of questions about device security problems facing their specific organizations, as well as their perception of their industry’s ability to deal with mounting device security threats. As the demographic of this survey was technical and device industry-focused, it is thought that this data will be useful as “leading indicators” of the emerging device security issue for enterprises and consumers in general.
The full report is available here.