IoT device breaches continue to frustrate companies and put user data at risk

The Internet of Things (IoT) is beginning to creep into most aspects of consumer and business life; whether you’re talking about a smart home or smart office.

The possibilities offered by billions of data points all connecting to provide never-before-seen insights and groundbreaking solutions is quite frankly, staggering.

However, there’s a problem. IoT devices, at their heart, are vulnerable. So, vulnerable in fact, that hackers have hijacked these devices — think back to the Mirai Botnet or Persirai — to wreak havoc.

The issue was so glaring, IoT devices were not being designed with a security-first pragmatism.

Something had to change.

4 modern challenges for the Internet of Things

With the development of embedded networked systems, Bo Wei – senior lecturer in Computer Science at Teesside University – discusses how the technology behind the Internet of Things (IoT) has become mature and readily available in people’s daily lives. Read here

UK: A leading light (despite, Brexit)?

The UK government, facing this problem, introduced the first voluntary IoT Security Code of Practice for manufacturers and developers last year. Security, now, was advised to be introduced at the earliest stages of device conception.

However, Gemalto has revealed that the voluntary practice isn’t having the desired impact, with user data continuing to be put at risk.

This is because six in ten UK organisations can’t tell If their IoT devices have been breached by hackers or not — raising questions about the state of IT security across the country.

In an increasing sign that this isn’t just a UK issue, organisations worldwide are seeking help when securing the IoT, with most businesses (95%) in the global study asking for more security regulations in the IoT industry.

The UK facts

• Just over four in 10 (42%) UK organisations can detect when any of their IoT devices has been breached – the second lowest in Europe after France (36%).
• Two in 10 (21%) believe IoT security is an ethical responsibility.
• Two-thirds (62%) feel that it is very important to have regulations in place regarding IoT security.
• In the UK spending on IoT protection is lower than the global average (11% of IoT budgets).

Jason Hart, CTO of data protection at Gemalto, commented: “The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices. At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.

“With IoT devices continuing to immerse themselves deep within organisations’ networks, it’s frightening to see that so many UK businesses don’t know if and when these devices have been breached. Although the UK’s new Code of Practice is a great first step toward securing the IoT, it’s won’t truly be effective until these are made mandatory and all organisations are forced to adhere to them. Only once every device, new and old, is given these same standards will the UK see a decrease in successful attacks.”

Securing networks in the IoT revolution

The relationship between network security and the Internet of Things (IoT) has never been easy, but it appears to have reached a tipping point. Read here

Globally vs UK: Same problems

Globally, spending on IoT device protection has grown from 11% in 2017 to 13% now. Nearly all of those surveyed believe it is a big consideration for customers; and almost three times as many now see IoT security as an ethical responsibility (14%), compared to a year ago (4%).

With the number of connected devices set to top 20 billion by 2023, businesses across the world must act quickly to ensure their IoT breach detection is as effective as possible.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Hart. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses — are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

A call to action

With such a big task in hand, businesses are calling for governmental intervention because of the challenges they see in securing connected devices and IoT services. This is particularly mentioned for data privacy (38%) and the collection of large amounts of data (34%). Protecting an increasing amount of data is proving an issue, with only three in five (59%) of those using IoT and spending on IoT security, admitting they encrypt all of their data.

Consumers, so far, are not impressed with the efforts of the IoT industry, with 62% believing security needs to improve. When it comes to the biggest areas of concern 54% fear a lack of privacy because of connected devices, followed closely by unauthorised parties like hackers controlling devices (51%) and lack of control over personal data (50%).

The best way of protecting the IoT – MuleSoft CTO

Security should be treated as mission-critical and essential in the increasing number of internet-connected, IoT, devices entering the market. Read here

Blockchain: The IoT security tool?

While the industry awaits regulation — which we know can be painstakingly slow — it is seeking ways to address the issues itself, with blockchain emerging as a potential technology; adoption of blockchain has doubled from 9% to 19% in the last 12 months.

Many believe that blockchain technology would be an ideal solution to use for securing IoT devices, with 91% of organisations that don’t currently use the technology likely to consider it in the future.

As blockchain technology finds its place in securing IoT devices, businesses continue to employ other methods to protect themselves against cyber criminals. The majority encrypt their data, while password protection and two factor authentication remain prominent.

Hart continues, “Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store. But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.

Related Topics

IoT devices
IoT Security