64% of consumers confident they can control information access of Internet of Things devices, 78% of professionals say security standards are insufficient.
Is the Internet of Things safe? A new survey from global cyber security association ISACA suggests a major confidence gap about the security of connected devices between the average consumer and cyber security and information technology professionals.
According to the consumer segment of ISACA’s 2015 IT Risk/Reward Barometer, 64 percent of US consumers are confident they can control the security on Internet of Things (IoT) devices they own. Yet according to more than 2,000 US IT and cyber security professionals who responded to a parallel survey, only 20 percent feel this same confidence about controlling who has access to information collected by IoT devices in their homes, and 77 percent say manufacturers are not implementing sufficient security in devices.
More than three in four US consumers consider themselves somewhat or very knowledgeable about IoT, and the average estimated number of IoT devices in their home is five. Smart TVs, connected cameras, cars and fitness trackers top the list of most-wanted devices.
The Hidden Internet of Things
ISACA’s survey of US IT and cybersecurity professionals depicts an IoT that flies below the radar of many IT organizations – an invisible risk that is underestimated and under-secured:
- 50 percent believe their IT department is not aware of all of their organization’s connected devices (e.g., connected thermostats, TVs, fire alarms, cars)
- 74 percent estimate the likelihood of an organization being hacked through an IoT device is medium or high
- 62 percent think that the increasing use of IoT devices in the workplace has decreased employee privacy
Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president, ISACA, and group director of Information Security, INTRALOT, said:
“In the hidden Internet of Things, what is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data. The spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data.”
However, the business risk of not embracing IoT and falling behind competitors may outweigh any potential cost of a cyberattack, noted Dimitriadis. Organizations need to manage the risk to achieve the most benefit.
According to US cyber security and IT professionals, device manufacturers are falling short. Seventy-seven percent do not believe that manufacturers are implementing sufficient security measures in IoT devices, and 78 percent don’t think security standards sufficiently address the IoT and believe that updates and/or new standards are needed. Also, 88 percent believe that device makers don’t make consumers sufficiently aware of the type of information the devices can collect.
ISACA’s consumer research suggests that US consumers are likely to value businesses that can demonstrate their expertise in and commitment to cybersecurity best practices: fully 89 percent of US consumers say it is important that data security professionals hold a cyber security certification if they work at organizations with access to the consumers’ personal information.