The vast majority of the UK’s information security professionals don’t believe there are sufficient standards or measures in place to adequately secure Internet of Things (IoT) devices, leading to a major risk of being hacked, according to ISACA.
The industry body polled its 7,000+ global members to compile its 2015 IT Risk/Reward Barometer and found major misgivings about the Internet of Things, which is a concern given that Gartner believes there’ll be 25 billion connected “things” in use by 2020.
Specifically, three-quarters of UK respondents claimed they thought device manufacturers aren’t implementing enough security on their products and 73% said there’s a general lack of industry standards.
The biggest IoT security concern is device vulnerabilities, according to 41% of UK respondents, while 64% said there’s a medium to high risk of firms being hacked through their IoT devices.
In fact, nearly two-thirds (62%) claimed they’re expecting such a cyber-attack in the next year, but just half (51%) were confident they’re prepared for this.
Adding to the uncertainty is the fact that a majority of respondents (56%) felt their IT departments are not able to track all the devices in their organization.
The most popular tip for mitigating the risk of an IoT-related security incident was by far and away to simply avoid storing sensitive or classified data on the device itself (43%).
ISACA advised IT buyers to ensure all devices are up to date with patches; connect through a workplace guest network rather than the internal network; and that staff are fully trained in best practice cybersecurity awareness.
It also advised device manufacturers to ensure all their software developers have “appropriate performance-based cybersecurity certification”; that they encrypt all sensitive information; build IoT devices so they can be easily updated; and insist all social media sharing is opt-in.
"With the explosion in popularity and hype around the Internet of Things, it is proving difficult for manufacturers and organizations to keep up with the clear realities and implications for security the IoT represents,” said ISACA international vice president, Ramsés Gallego.
“The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data. We need to change that so we can reap the many benefits of the IoT.”