Companies still can’t detect IoT device breaches

Digital security expert Gemalto has revealed its latest research shows that only around half (48%) of businesses can detect if any of their Internet of Things (IoT) devices suffers a breach.

This is despite the UK Government introducing the IoT security code of practice for manufacturers and developers last year.

Gemalto said that the voluntary practice isn’t having the desired impact, with consumer data continuing to be put at risk.

In an increasing sign that this isn’t just a UK issue, organisations worldwide are seeking help when securing the IoT, with most businesses (95%) in the global study asking for more security regulations in the IoT industry.

The study found IoT security has grown in importance for businesses globally, with:

  • Nearly all (90%) businesses believing it is a major consideration for customers;
  • Spending on protection has grown (from 11% of IoT budget in 2017 to 13% in 2018); and
  • Almost three times as many now see IoT security as an ethical responsibility (14%).

Gemalto said that with the number of connected devices set to top 20 billion by 2023, businesses must act quickly to ensure their IoT breach detection is as effective as possible.

Jason Hart, CTO of data protection at Gemalto, said: “The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices. At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.

“With IoT devices continuing to immerse themselves deep within organisations’ networks, it’s frightening to see that so many UK businesses don’t know if and when these devices have been breached.

“Although the UK’s new Code of Practice is a great first step toward securing the IoT, it won’t truly be effective until these are made mandatory and all organisations are forced to adhere to them. Only once every device, new and old, is given these same standards will the UK see a decrease in successful attacks.”

Surveying 950 IT and business decision makers globally, Gemalto found that companies are calling on governments to intervene, with 79% asking for more robust guidelines on IoT security, and 59% seeking clarification on who is responsible for protecting IoT.

Despite the fact that many governments have already enacted or announced the introduction of regulations specific to IoT security, most (95%) businesses believe there should be uniform regulations in place. This is particularly mentioned for data privacy (38%) and the collection of large amounts of data (34%). Protecting an increasing amount of data is proving an issue, with only three in five (59%) of those using IoT and spending on IoT security, admitting they encrypt all of their data.

Hart continued: “Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store. But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed.

“In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”