Two-Fifths of IT Leaders regard IoT Security as Afterthought

IT leaders could be dangerously underestimating the security risks posed by IoT, according to new research from Trend Micro.

The security vendor polled 1150 IT and security decision-makers in the UK, Germany, the US, Japan and France.

Despite businesses spending an average of over $2.5m each year on IoT projects, they don’t appear to be investing in cybersecurity.

Even though 63% of respondents agreed that IoT-linked attacks have increased over the past year, just half (53%) think they’re a threat to their organization.

This might explain why over two-fifths (43%) regard IoT security as an afterthought, and just 38% get security teams involved in the implementation process for new projects. This drops even further for smart factory (32%), smart utility (31%) and wearable (30%) projects.

Responding organizations suffered an average of three attacks on connected devices over the past year, according to Trend Micro.

“The embedded operating systems of IoT devices aren’t designed for easy patching, which creates a universal cyber risk problem,” said the firm’s COO, Kevin Simzer. “The investment in security measures should mirror the investment in system upgrades to best mitigate the risk of a breach that would have a major impact on both the bottom line and customer trust.”

While loss of customer trust (52%) and monetary loss (49%) were thought to be the biggest consequences of a related breach, loss of personally identifiable information (32%) and regulatory fines (31%) came some way behind. That’s despite the new GDPR, which could impose severe financial penalties on firms found not to have taken customer data protection seriously in the event of a breach.

“The significant investment in this technology across the globe is testament to the fact that IoT solutions can bring many advantages to businesses,” Simzer concluded. “But if security is not baked into the design of IoT solutions, and SDMs [security decision makers] aren’t involved in the IoT implementation process, businesses could face damages far greater than the benefits this connected tech delivers.”