IOT protection needs intervention, quick action

Read time 3min 50sec
Jason Hart, CTO of data protection at Gemalto.
Jason Hart, CTO of data protection at Gemalto.

A survey undertaken by digital security company Gemalto found that only 48% of businesses can detect if their Internet of things (IOT) devices suffer a breach.

This is despite an increased focus on IOT security, with a recent Ericsson report revealing connected devices will reach over 20 billion by 2023.

Businesses need to act quickly to bolster their IOT breach detection, Gemalto says.

It surveyed 950 IT and business decision-makers around the world, finding that spending on IOT security has grown from 11% of IOT budgets in 2017 to 13% today. In addition, 90% believe it is a big consideration for customers, and nearly three times as many today (14%) now see IOT security as an ethical responsibility, compared to only 4% a year ago.

According to the survey, businesses are calling on governments to intervene, with 79% requesting better guidelines on IOT security and 59% seeking clarification on who is responsible for protecting IOT.

Although many governments have already enacted or announced the introduction of regulations specific to IOT security, most (95%) companies believe there should be consistent regulations in place.

Jason Hart, CTO of data protection at Gemalto, says with no consistent regulation guiding the industry, it's no surprise the threats - and, in turn, vulnerability of businesses - are increasing. "This will continue unless governments step in now to help industry avoid losing control."

He says firms are calling for governmental intervention due to the challenges they see in securing connected devices and IOT services, particularly where data privacy (38%) and the collection of large amounts of data (34%) are concerned.

Protecting an increasing amount of data is proving an issue, with only 59% of those using IOT and spending on IOT security claiming they encrypt all of their data.

In addition, 62% believe security in the IOT industry needs to improve, with the biggest concerns revealed as lack of privacy due to connected devices (54%), unauthorised parties such as attackers controlling devices (51%) and lack of control over personal data (50%).

Blockchain to protect IOT?

According to Hart, in the absence of regulation, the industry is looking for ways to address IOT security itself, with blockchain emerging as a potential solution.

"Adoption of blockchain has doubled from 9% to 19% in the last 12 months. Moreover, a quarter (23%) of respondents believe blockchain technology would be an ideal solution to use for securing IOT devices, with 91% of organisations that don't currently use the technology likely to consider it in the future."

He says businesses are also using other tools to protect against cyber criminals, with 71% encrypting their data, 66% using password protection, and another 38% employing two-factor authentication.

Hart says companies are clearly under pressure to protect the burgeoning amount of data they collect and store. "But while it's positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they're not leaving themselves exposed. Businesses need to be putting more pressure on the government to act."

Too optimistic

"I think the survey results are somewhat optimistic, with almost half of European companies claiming to have IOT breach detection capacities," says Ilia Kolochenko, CEO of High-Tech Bridge.

"In my experience, less than 10% of these entities even have an up-to-date inventory of their IOT devices, yet alone breach detection capacities."

He says shadow IOT, brought and implemented by employees, exacerbates the situation, as corporate data starts being stored on unidentifiable and uncontrollable devices, often with backup in external storage locations or the cloud.

Moreover, Kolochenko believes the promise of blockchain as a 'silver bullet' to secure IOT is overestimated, as blockchain technology by its very definition has nothing to do with the many popular attack vectors used to breach IOT devices.

Uniform regulation of the IOT market is a Utopia amid current geopolitical tensions in the technology sector, states Kolochenko. "Nonetheless, governmental regulation of secure-by-design IOT is certainly a good idea and probably is the only way to make the IOT market more reliable and secure."

See also