
Survey: 85 percent of senior security pros say more than half of IoT products are not secure


It's not exactly a shock that experts still regard the Internet of Things (IoT) as a potential security minefield. However, the overwhelming proportion of executives who continue to distrust IoT as a secure technology does ring some alarm bells, based on the results of a new survey from research-oriented security service firm IOActive.

In IOActive's recently released IoT Security Survey, 85 percent of senior security professionals believe that less than half of IoT products presently on the market are secure, while 47 percent believe less than 10 percent are safe.

What's even more unusual is that 63 percent of respondents indicated that non-IoT product categories – including hardware, mobile technology, software and medical vehicles – are in even worse shape than IoT, suggesting that security practices across the board are highly inadequate.

Asked to cite the primary challenges facing proper IoT device security, 72 percent of respondents said the biggest impediment was a failure to bake security mechanisms into the device itself. “Things like not using encryption to transmit data from one device to another. We see that on a regular basis,” Daniel Miessler, director of advisory services at IOActive, said in an interview with Or “having different security requirements for mobile applications vs. web applications.” 

Weak cloud security, whereby credentials are susceptible to a brute-force attack, is another common problem, he added.

“These are very fundamental mistakes that companies are making. That's the type of stuff want to see [fixes] built in if we want to see any kind of improvement,” said Miessler.

The next most commonly cited challenges to IoT security were uneducated users and user error (63 percent), and data privacy (59 percent).

The majority of survey-takers, 83 percent, also agreed that public disclosure of IoT vulnerabilities, in and of itself, is not a significant enough step toward improving IoT product security, and that some form of regulatory action would be more effective. Setting minimum security compliance standards and issuing mandatory product recalls, updates and injunctions were the top two suggestions for measurably improving IoT security.

“We're already seeing a top-down regulation approach where at some point the government is going to go after or in some way sanction companies who don't put what is deemed to be minimum security into their products,” hopefully inspiring consumers to feel more confident, said Miessler. At the same time, Miessler believes consumer confidence and demand will also grow as an increasing number of IoT manufacturers take the necessary steps to market their products as safe and secure.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects, often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
