Three items – two surveys and a government study – that were released in recent weeks show just how serious the Internet of Things (IoT) security situation is.
Altman Vilandrie & Company found that 48 percent of responding organizations’ IoT networks have been breached, some more than once.
The survey, which included results from almost 400 firms, also touched on budgetary issues. IoT security breaches are equal to 13.4 percent of annual total revenue of firms that take in less than $5 million. Almost half of larger companies with annual revenues of more than $2 billion estimated just one breach could cost more than $20 million, according to the press release.
There is some solace, if not outright good news, in the release. Companies that are proactive fare better:
The data indicated that preparedness helps: companies that have not experienced a security incursion have invested 65% more on IoT security than those who have been breached. The survey also showed that IT decision-makers often chose IoT security solutions based more on provider reputation and product quality rather than focusing on cost as a primary decision driver.
Three other key findings were highlighted in the release:
- Sixty-eight percent consider IoT security a distinct category – but only 43 percent have a discrete budget.
- Seventy-four percent centralize IoT security decisions for the entire company.
- The three reasons for adopting IoT security: “preventing loss of control over IoT devices,” “preventing breaches of customer information” and “preventing breaches of company data.”
The Altman Vilandrie & Company results complemented those from the ISACA (formerly the Information Systems Audit and Control Association). Its research found that 80 percent of its responding members expect to be cyberattacked this year, and 53 percent say that they have experienced more attacks this year than last.
Almost all respondents, 97 percent, report that IoT defense is now their primary focus. It overtook mobile as the most important area to secure.
The third report, which doesn’t solely focus on security, is from the U.S. General Accounting Office (GAO). It sees the IoT as a great challenge that creates significant information security and privacy issues. It portrays an area where standards are not set and responsibility is divided between various federal agencies. The sense is that a lot of work needs to be done:
Adoption will likely accelerate as IoT devices become more affordable and offer increasing benefits. However, significant challenges accompany the wider adoption of IoT technologies. For example, devices that collect health information on patients may be vulnerable to hacking. With the rapid global expansion of IoT, security and privacy measures become increasingly important to curtail its misuse.
The reports – in particular, the surveys from Altman Vilandrie & Company and the ISACA – suggest that the IoT so far has shown great vulnerability. Moreover, the evidence suggests that more serious problems lie ahead if concerted actions are not taken.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.
