Orgs Slow to Advance IoT Security

Despite the burgeoning IoT market, organizations made limited progress on IoT security in 2018, according to a new report from Gemalto. Though there is evidence of incremental improvements, security measures are being outpaced by the rapid growth of IoT, which is on track to hit 20 billion devices by 2023.

The survey queried 950 IT and business decision-makers with awareness of IoT in their organization in 2018. Of those, only 48% of companies said that they have the ability to detect whether their IoT devices have suffered a breach; however, 90% of respondents believe that security is a major concern for their customers.

According to the report, more than half (54%) of consumers fear that their privacy may be compromised with IoT devices, yet only 14% of the survey participants see protecting customer privacy by security IoT devices as an ethical responsibility.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Jason Hart, CTO, data protection at Gemalto, in a press release. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

More than a third (38%) of participants said they experience privacy challenges associated with collecting large amounts of IoT data. Still, more organizations have started using passwords to protect IoT devices. While 63% of organizations said they used passwords in 2017, the number of positive responses rose to 66% in 2018.

Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” Hart said. “But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”