IT Pros Still Inattentive To IoT Security

by CXOtoday News Desk    Feb 03, 2015

iot security

Internet of Things (IoT) is clearly spreading its wings and if going by reports and researches in recent times, the expanding ecosystem of connected smart devices will proliferate over the next few years. However, what comes across as shocking is a recent study conducted by Atomik Research and cyber threat firm Tripwire, which found that majority of IT professionals and those in senior management are unconcerned and inattentive about the growing risks of cyber criminals attacking the IoT systems.

This immediately needs attention as cyber attacks will automatically lead to huge monetary and reputational damage. Research firm IDC predicts there will be over 28 billion IoT devices installed by 2020, pinning its value at $1.9 trillion. In fact at present, there are around 9 billion of those devices online, with printers, 3D printers, routers and point of sale systems, to wearable devices, smart meters and smart control systems - being common at home and in the enterprises.

The study notes that 63 percent of executives expect that business efficiencies and productivity will force them to accept IoT devices. And while the IoT marketplace is already beginning to be lucrative, all these new devices open up additional attack vectors for enterprise networks.

While potential risks from smartphones, tablets or laptops are somewhat understood, the study notes that businesses are not necessarily prepared for or expecting the IoT to present much of a threat from cyber criminals. Only 46 percent said they believe the risks associated with IoT have the potential to become the most significant risk on their networks.

The study also states when it came to industrial controllers, only 8 percent of IT professionals are concerned that they might be a target for cyber crime, even though 88 percent said they weren’t confident in industrial controllers’ secure configuration. Less than one in four professionals are confident in the secure configuration of common IoT devices already connected to enterprise networks, such as Voice over Internet Protocol (VoIP) phones (21 percent), sensors for physical security (20 percent), smart controllers for lights and HVAC (16 percent).

The reason many enterprises are relatively ‘unconcerned’ about the security of IoT devices, says Chris Conacher, security development manager at Tripwire, is because they misunderstand the risk.

‘They may believe they have ‘solved’ the security problem, when they have not,’ he says. ‘Alternatively, they may believe that there is no security problem when there is. Frequently, organisations believe that they have nothing of value that would interest an attacker – this is rarely true.’

‘For attackers there is always something to be gained, and they’re not always looking for data that has financial value. From the theft of information or services that can be used to add a veneer of legitimacy to phishing campaigns or user credentials that can be used to gain access to a connection point from which to attack corporate partners, there is always something of value.’

The study highlights the need to be able to build security and identity into the Internet of Things in a standard way so that IoT devices can be on-boarded into whichever environment is required – home, business or national critical infrastructure.