Ninety per cent of consumers lack confidence in IoT device security

Research conducted by digital security firm Gemalto shows that 90% of consumers lack confidence in the security of Internet of Things (IoT) devices, while two-thirds of consumers and nearly 80 per cent of organisations support the idea of governments getting involved in setting IoT security.

The findings won’t make for easy reading in public transport networks, as IoT is already playing a major role in the digital revolution that the global urban transport industry is currently undergoing.

The primary fear, cited by two-thirds of the consumers who responded, is hackers taking control of their device. In fact, this is more of a concern than their data being leaked (60 per cent) and hackers accessing their personal information (54 per cent). Despite more than half of consumers owning an IoT device (on average two), just 14 per cent would describe themselves as ‘extremely knowledgeable’ when it comes to the security of these devices, showing that education is needed among both consumers and businesses.

In terms of the level of investment in security, the survey found that IoT device manufacturers and service providers spend just 11% of their total IoT budget on securing their IoT devices. The study found that these companies do recognise the importance of protecting devices and the data they generate or transfer, with half of companies adopting a security by design approach. Two-thirds (67 per cent) of organisations report encryption as their main method of securing IoT assets, with 62 per cent encrypting the data as soon as it reaches their IoT device, and 59 per cent encrypting it as it leaves the device. Ninety two per cent of companies also see an increase in sales or product usage after implementing IoT security measures.

“It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices,” said Jason Hart, CTO, Data Protection at Gemalto. “With legislation like GDPR showing that governments are beginning to recognise the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption.”

The survey results suggest businesses are in favour of regulations to make it clear who is responsible for securing IoT devices and data at each stage of its journey (61 per cent), and what the implications of non-compliance are (55 per cent). In fact, almost every organisation (96 per cent) and consumer (90 per cent) is looking for government-enforced IoT security regulation.

Encouragingly, businesses are realising that they need support in understanding IoT technology and are turning to partners to help, with cloud service providers and IoT service providers the favored options. When asked why, the top reason was a lack of expertise and skills (47 per cent), followed by help in facilitating and speeding up their IoT deployment (46 per cent).

While these partnerships may be benefiting businesses in adopting IoT, organisations admitted they don’t have complete control over the data that IoT products or services collect, as it moves from partner to partner, potentially leaving it unprotected.

“The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit,” Hart continued. “Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. Security by design is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers.”