Research by security firm Gemalto has revealed that 52% of businesses worldwide cannot detect if any of their IoT devices suffer a breach, pointing to the fact that the state of IoT device security could be much worse than projected at present.
Two years ago, when the adoption of IoT devices in the UK had already started gathering pace, Gemalto revealed that the amount of money that IoT vendors in the UK invested in IoT device security was the second lowest globally, with just 9% of their resources committed towards cyber security.
Considering that almost next to nothing was being spent on IoT device security, the firm revealed that only 52% of data captured by IoT devices in the UK was encrypted. This was a direct consequence of the fact that only 19% of UK businesses believed that security was the main consideration for consumers when buying a device.
Forget resolving, most firms cannot even detect IoT device breaches
Almost a year and a half later, things haven’t changed much as far as the security and privacy of users of IoT devices is concerned. A new survey of 950 IT and business decision makers from across the world by Gemalto has revealed that less than half of all businesses have the ability to detect IoT device breaches.
The survey revealed that even though global spending on IoT device security has increased from 11% in 2017 to 13% now and that 14% of businesses consider implementing IoT device security as an ethical responsibility now compared to just 4% in 2017, only 59% of businesses that have deployed IoT devices in their networks have encrypted all of their data.
“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached. With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, the vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control,” said Jason Hart, CTO of Data Protection at Gemalto.
According to Ilia Kolochenko, CEO of High-Tech Bridge, the fact that almost half of businesses have IoT breach detection capacities could be overstated as less than 10% of organisations in Europe have an up-to-date inventory of their IoT devices and a large number of businesses are struggling with ensuring visibility over shadow IT devices.
“Shadow IoT, brought and implemented by employees, exacerbate the situation as corporate data starts being stored on unidentifiable and uncontrollable devices, often with backup in external storage locations or the cloud,” he said.
Businesses using blockchain to secure IoT devices
According to Gemalto’s survey, almost 19% of businesses are now using blockchain technology to secure IoT devices in their networks, 23% of IT and business decision makers are convinced that blockchain technology would be an ideal solution to use for securing IoT devices, and 91% of businesses who aren’t using blockchain at present are likely to consider it in the future.
In order to keep their IT networks secure from external threats and to prevent the leakage of customer or enterprise data, 71% of businesses are now encrypting their data, 66% are implementing password protection, and 38% are using two-factor authentication to keep unauthorised entities at bay.
However, Kolochenko says that the belief that blockchain technology can secure IoT devices is overestimated. “Blockchain technology by definition has nothing to do with many popular attack vectors on IoT devices. GDPR’s role is also questioned, as most of the careless IoT manufactures are located far beyond EU jurisdiction and do not care about any judicial decisions of European courts against them. Moreover, not every IoT is designed to store or process PII, thus making GDPR simply inapplicable,” he says.