Survey Finds Most IoT Products Have Inadequate Security
June 8, 2016
IOActive Inc., a provider of research-driven security services, released the findings of the IOActive Internet of Things (IoT) Security Survey, completed by senior security professionals earlier this year that revealed less than 10 percent of IoT products have adequate security.
While the IoT era of products brings innumerable advances and modern conveniences to the lives of consumers, the connected nature of these products creates unintentional ports to other sensitive and critical systems, data and devices. When security is insufficient in even seemingly harmless household appliances, wearables or other IoT products, it presents endemic vulnerabilities and risks, according to press release from IOActive Inc.
The IOActive IoT Security Survey, conducted in March 2016, revealed that nearly half (47 percent) of all respondents think less than 10 percent of all IoT products on the market are designed with adequate security. A staggering 85 percent believe that less than half of IoT products are secure. However, 63 percent of respondents believe the security in IoT products is actually better than in other product categories — a sobering revelation of the state of security sentiment for categories such as software, computing hardware and medical devices, etc.
“Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority,” said Jennifer Steffens, IOActive CEO. “According to Gartner, 21 billion connected things will be in use by 2020. It’s important for the companies that develop these products to ensure security is built in; otherwise hackers are provided with opportunities to break in to not only the products, but potentially other systems and devices they’re connected to.
“Companies often rush development to get products to market in order to gain competitive edge, and then try to engineer security in after the fact. This ultimately drives up costs and creates more risk than including security at the start of the development lifecycle,” Steffens concluded.
The survey showed that 72 percent of respondents believe security not adequately designed into products is the single biggest challenge facing IoT security. A majority of the security professionals surveyed also believe uneducated users and user error (63 percent) and data privacy (59 percent) were challenges to IoT security.
As remedies to these challenges, respondents looked to minimum security standards and enforcing mandatory product recalls, updates or injunctions as the two most effective means for improving IoT product security. Additionally, 83 percent believe that public disclosure of vulnerabilities on its own is not enough, and that some form of regulatory action would be more effective.
IOActive performs a wide range of security research and provides services to organizations interested in building security into products, including a rapidly increasing percentage in the burgeoning IoT category.
For information, visit www.ioactive.com/services/internet-of-things-IoT.