Article by Gemalto Australia & New Zealand regional director Graeme Pyper
New data shows that IoT stakeholders are making progress when it comes to securing the Internet of Things (IoT) and the data it produces, but still have a long way to go.
In order to assess the current situation globally, Gemalto surveyed 950 IT and business decision makers with awareness of IoT in their organisation.
The results indicate a shift in attitudes towards IoT security.
According to respondents, IoT security is not a priority, but Australian organisations want to do better.
While just 12% of Australian companies are devoting their IoT budgets to security, 87% said they believe security is a major consideration for their customers and almost all (98%) believe that a strong approach to IoT security is a key competitive differentiator.
Three predominant security tools emerged as the top methods Australian organisations are using to secure their IoT data/services/devices.
The most popular being password protection, with nearly three quarters (73%) of organisations currently adopting it as a form of security.
The majority (68%) of organisations opted for encryption.
While this represents a figure lower than our global counterparts, it is a vast improvement from what we have seen previously.
According to an earlier study, encryption was only in place to help limit the damage in 4% of the 944 breach incidents that took place in the first half of 2018.
Less prominent, but still very promising, is the increased use of blockchain to protect IoT networks on a global scale.
Blockchain offers the ability to authenticate devices on a network more effectively, and the number of respondents using it rose by a full ten percent – from nine to 19% globally.
Nearly a quarter (24%) of Australian organisations said they would ideally use the blockchain to secure its IoT, while 93% of those who don’t use the technology would consider using it in the future.
What needs to change
Australians are calling for more regulation around IoT security, with the majority (84%) believing government intervention is crucial to IoT security, and more than half (54%) seeking clearer regulations.
Ownership is a key theme here; 66% seek clarification of who is responsible for securing IoT data at each stage of the journey.
In spite of the above security methods, nearly two-thirds (63%) of Australian organisations are unable to detect when any IoT product has been breached.
This is an obvious concern, given the rising number of connected devices represent a growing attack surface for hackers to exploit, not to mention that an undetected data breach can cause serious damage.
Data privacy is also an issue.
Even as the public has grown more aware of data privacy issues, nearly half (48%) of respondents admit their organisation struggles to ensure data privacy when trying to secure their IoT products or services.
Additionally, 38% said they experience challenges associated with collecting large amounts of data from connected devices.
Respondents to the survey were also consumers of IoT.
As the number of connected devices in organisations as well as in the home increases, consumers are calling for greater security of their data.
Nearly all (91%) respondents agree that IoT product manufacturers or service providers should take responsibility for ensuring device security.
What’s in store
Ultimately, it’s clear that there is a growing appreciation for the importance of security to the IoT.
Gemalto previously advocated a security-by-design approach – which involves building security mechanisms into IoT technologies as a foundational piece of their development.
According to this survey, the number of organisations taking such an approach rose from 50% to 57% this year globally.
This growth is very promising for the future of IoT security.
Despite this, there is a common acknowledgement shared between nations that the government needs to step up and provide more robust regulations around IoT.
While the number of connected devices sets to rise to 20 billion by 2023, organisations must take all precautions to ensure breach detection and data protection is continuously improving.