When you buy an IoT device, you probably assume the company that made it thinks it's secure. Not so fast - more than four in five of them are at least as worried as you that their product is hackable.
According to a survey from digital platform security vendor Irdeto in late May, 82% of IoT manufacturers felt that their devices were not properly secured from cyber-attacks. What's more, 96% of them felt that their device security could improve, either to some extent or a great extent.
“For many manufacturers of IoT devices, security is still an afterthought instead of something that should be implemented at the very beginning,” the report warned.
One area for improvement includes device security updates. Only 48% of manufacturers provide security updates for a device's entire lifetime, beyond warranty. Consequently, a lot of IoT device users will find themselves on their own after the warranty expires. That won't be comforting for, say, healthcare organizations with connected devices managing critical patient data.
The company surveyed IoT customers alongside manufacturers, interviewing 700 decision makers spanning both groups across five countries, including the UK.
Across both users and manufacturers, 80% of IoT devices have experienced a cyber-attack in the last year, Irdeto found. Of those victims, 90% suffered an impact, such as operational downtime (the most common outcome, affecting 47% of victims) or compromised customer data.
The average cost of an IoT-related cyber-attack was $330,602, according to the research.
Nearly half (45%) of all respondents said that software was the most vulnerable part of their IoT devices. This makes sense, because patching can be difficult. It often runs on low-powered, small-footprint hardware that may only connect to the network periodically.
There was a silver lining of sorts, though. “The previous mindset of security as an afterthought is changing,” the report said. “One of the most promising results of the study found that today’s organizations are thinking even more strategically about security.”
As many as 99% of the survey base agreed that a security solution should enable new business models and that it was time to move away from the idea of security as a cost center.
That's a lovely idea. It remains to be seen whether manufacturers will improve security enough to put it into practice, though, or whether enterprise users will master cybersecurity enough to turn it into a selling point.
The topic of Cyber Physical/IoT will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Cyber Physical/IoT here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
