IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
IoT breaches: Nearly half of businesses still can’t detect them
Wed, 16th Jan 2019
FYI, this story is more than a year old

The Internet of Thing's (IoT's) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.

The company surveyed 950 IT and business decision makers around the world.

According to the study, almost half (48 percent) of businesses still can't detect IoT device breaches. This is despite the survey revealing an increased focus on IoT security:

The allocation of IoT budgets for protection has risen from 11 percent in 2017 to 13 percent today

90 percent of companies believe it is a big consideration for customers

Almost three times as many now see IoT security as an ethical responsibility

According to Gemalto, companies are increasingly calling on governments to intervene with 79 percent demanding more robust guidelines on IoT security, and 50 percent seeking clarification on who is responsible for protecting IoT.

Despite the fact that many governments have already imposed or announced regulations specific to IoT security, 95 percent of businesses affirm there should be uniform regulations in place – which Gemalto asserts is also echoed by the clear majority of consumers.

“Given the increase in the number of IoT-enabled devices, it's extremely worrying to see that businesses still can't detect if they have been breached,” says Gemalto Data Protection CTO Jason Hart.

“With no consistent regulation guiding the industry, it's no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.

Gemalto says businesses are seeking government intervention as they perceive the process of securing connected devices and IoT services to be a mammoth task. This is particularly pronounced for data privacy (38 percent) and the collection of large amounts of data (34 percent).

The relentless growth in the amount of data and the protection obligations that comes with it appears to be an increasing headache for businesses, with only three in five of those using IoT and spending on IoT security actually encrypting all of their data.

62 percent of consumers are not impressed with the current proceedings and believe security needs to improve. When it comes to the biggest areas of concern, 54 percent fear a lack of privacy because of connected devices, trailed closely by unauthorised parties like hackers controlling devices (51 percent) and lack of control over personal data (50 percent).

A technology that is gaining in prominence as an IoT security tool, Gemalto says, is blockchain. The adoption of blockchain has more than doubled over the last year, from 9 percent to 19 percent.

Furthermore, 23 percent believe that blockchain technology would be an ideal tool to secure IoT devices, while 91 percent of organisations that aren't currently using blockchain technologies are likely to consider it in the future.

In terms of methods businesses are using to protect themselves against cybercriminals, 71 percent encrypt their data, while password protection (66 percent) and two factor authentication (38 percent) remain prominent.

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” says Hart.

“But while it's positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they're not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.