Businesses and consumers are demanding that IoT security regulations are put in place. According to a Gemalto survey, as many as 96 per cent of organisations and 90 per cent of consumers believe there is a need for IoT regulations. Those surveyed also said that they wanted government involvement in coming up with and deploying those regulations.
"It’s clear that both consumers and businesses have serious concerns around IoT security and little confidence that IoT service providers and device manufacturers will be able to protect IoT devices and more importantly the integrity of the data created, stored and transmitted by these devices," said Jason Hart, CTO, Data Protection at Gemalto. "With legislation like GDPR showing that governments are beginning to recognize the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption."
Consumers’ main fear (cited by two thirds of respondents) is hackers taking control of their device. In fact, this was more of a concern than their data being leaked (60 per cent) and hackers accessing their personal information (54 per cent). Despite more than half (54 per cent) of consumers owning an IoT device (on average two), just 14 per cent believe that they are extremely knowledgeable when it comes to the security of these devices.
Yet despite the fears surrounding the safety of IoT devices, a surprisingly amount of money is being spent on protecting these devices. In terms of the level of investment in security, the survey found that IoT device manufacturers and service providers spend just 11 per cent of their total IoT budget on securing their IoT devices.
"The lack of knowledge among both the business and consumer worlds is quite worrying and it’s leading to gaps in the IoT ecosystem that hackers will exploit," Hart continues. "Within this ecosystem, there are four groups involved – consumers, manufacturers, cloud service providers and third parties – all of which have a responsibility to protect the data. ‘Security by design’ is the most effective approach to mitigate against a breach. Furthermore, IoT devices are a portal to the wider network and failing to protect them is like leaving your door wide open for hackers to walk in. Until both sides increase their knowledge of how to protect themselves and adopt industry standard approaches, IoT will continue to be a treasure trove of opportunity for hackers."