IT professionals express doubts over IoT security
According to a new survey, 64 percent of consumers are confident they can control the information access of Internet of Things devices, but 78 percent of IT professionals say security standards are insufficient.
The findings come from the 2015 Risk/Reward Barometer of global cyber security association ISACA and suggest a major confidence gap about the security of connected devices between the average consumer and cyber security and information technology professionals.
More than three out of four US consumers (83 percent) consider themselves to be somewhat or very knowledgeable about the IoT, and have an average of five IoT devices in their home. Smart TVs top the list of most wanted IoT device to get in the next 12 months, with internet-connected cameras, connected cars and wireless fitness trackers also ranked highly.
However, the survey of IT and cyber security professionals reveals that there's an aspect to the IoT that exists below the radar of organizations. 50 percent believe their IT department is not aware of all of their organization's connected devices, things like connected thermostats, TVs, fire alarms and even cars. The likelihood of an organization being hacked through an IoT device is medium or high according to 74 percent of those asked. Also 62 percent think that the increasing use of IoT devices in the workplace has led to a decrease in employee privacy.
"In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data," says Christos Dimitriadis, international president of ISACA and group director of Information Security for INTRALOT. "The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data".
The survey suggests that some of the fault lies with device manufacturers. 77 percent of professionals say they don't believe that manufacturers are implementing sufficient security measures in IoT devices. A similar proportion (78 percent) don't think current security standards sufficiently address the IoT and believe that updates and/or new standards are needed. Privacy is also an issue with 88 percent believing that device makers don't make consumers sufficiently aware of the type of information the devices can collect.
Whilst consumers are generally less concerned than the professionals, 89 percent of US consumers say it's important that data security professionals hold a cyber security certification if they work at organizations with access to consumers' personal information.
You can read more on the results on the ISACA website and there's a summary of consumer attitudes in infographic form below.