Security Architecture, Endpoint/Device Security, IoT, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Businesses wary of IoT security says new report

Security appears at the top of business leaders worries when implementing IoT in their workplace, according to a new report.

Carried out by data centre company IO and information-security company Webroot, the research surveyed 500 CEOs and senior decision makers on their attitudes towards the dawn of IoT in the enterprise.  Some 92 percent of all enterprises surveyed are going ahead with IoT projects in the coming year and 60 percent of UK businesses are increasing investment towards IoT by nearly half.

Crucially though, security hangs heavy in the minds of business leaders. The report notes that, "concerns around digital security are a constant and inevitable source of concern for modern businesses. Data security in particular is a perennial problem. So it is unsurprising that business leaders are worried about its impact on IoT initiatives."

Among those surveyed 80 percent believe that security is impeding  IoT innovation; 57 percent think that security is likely to be compromised if innovation happens too quickly and 37 percent voiced concerns about data security.

John Sirianni, security specialist at Webroot doesn't blame them. He mentions in the report, in recent memory, “we have already seen every class of critical infrastructure hacked – power plants, oil and gas refineries, aeroplanes, etc. They have all been compromised at some level.”

Cyber-criminals have yet to figure out real ways to monetise breaching the IoT. David Kennerley, EMEA threat research manager at Webroot spoke to  saying that this peace will not last for much longer: “In truth the criminal monetisation of IoT is only limited by how creative and motivated cyber-criminals wish to be. Hacked IoT devices could provide a nice beachhead to the network resulting in more traditional cyber-attacks.”

The report believes there is a way around these fears:  Automation. Sirianni writes in the report: “The speed at which the cyber-criminals innovate is generally faster than the speed at which enterprises can react. We believe that it's the IoT solution providers who will invest in the best automated self-learning security and bring the most effective cyber-protection solutions to the critical operational enterprise."

Ken Munro, managing director of Pen Test Partners spends a good deal of his day testing, and breaking IoT security. He's become infamous for his lectures on breaking IoT kettles and making talking children's dolls swear. Munro spoke to SC; he doesnt think that IoT vendors will be the most likely to solve IoT security issues, saying, "I've seen quite the opposite in reality. Production schedules and critical timelines of getting product to market make retro-fitting security quite difficult for IoT devices."

Vendors often prioritise getting their new IoT devices to market. Many IoT vendors are not even well-placed to fix their own security, said Munro: "Most IoT vendors are small start-ups. Even Tesla, which has taken the security side of its connected vehicles very seriously, has made security errors along the way."

Kennerley believes that through greater co-operation the IoT can be better secured and businesses can get around to using it faster. “IoT manufacturers need to work more closely with cyber-security professionals,” Kennerly told SC. He adds: “Businesses need to be assured that IoT manufacturers are taking security seriously, that it's not just an afterthought – that it's considered at the design phase, to release and beyond.  At the same time manufacturers need to work together as many are facing the same problems”.

As IoT appears closer and closer on the horizon, how are governments going to deal with it? The report notes that the interconnection inherent in IoT allows ways around european data laws. To that end, says the report, “enforcing data regulation and legislation is likely to become harder as a result.”

The industry, or those surveyed, show a partiality for community strategies when it comes to securing the IoT. Two thirds think that interoperability is needed between organisations before anyone starts committing to IoT solutions. In fact nearly 60 percent are already, will soon be, engaged in such community efforts.

Governments though are finding it hard to come to grips with this attitude. They're stuck in the mindset that data silos are the way to do security even as data increasingly floods onto the network. The report notes: “As they look at ways to deploy network technology to deliver services in a more efficient manner, they are also struggling with the notion of data-sharing across organisations”.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.