On average, an Indian household owns 7 Internet of Things devices; however 72 percent of IT professionals believe device manufacturers aren’t implementing sufficient security measures in these devices
Mumbai (14 October 2015) - Is the Internet of Things safe? A new survey from global cybersecurity association ISACA suggests a major confidence gap about the security of connected devices between consumers and cybersecurity and information technology professionals.
According to the consumer segment of ISACA’s 2015 IT Risk/Reward Barometer, 81 percent of Indian consumers surveyed are confident they can control the security on the Internet of Things (IoT) devices they own. Yet according to the 7,016 IT and cybersecurity professionals globally who responded to a parallel survey, only 22 percent feel this same confidence about controlling who has access to information collected by IoT devices in their homes, and 72 percent say manufacturers are not implementing sufficient security in IoT devices.
The vast majority (95%) of Indian consumers consider themselves somewhat or very knowledgeable about the Internet of Things and report that the average estimated number of IoT devices in their home is seven. Smart TVs at 46% top the list of most wanted IoT device to get in the next 12 months, followed by smart watches (36%) and Internet-connected home alarm systems (29%).
While 84 percent of Indian consumers own at least one Internet of Things device, they are still wary of the related risks. A majority of respondents (80%) believe their credit / debit card information can be potentially collected via IoT and could be misused by cybercriminals. Additionally, 93% respondents believe hacking into an IoT device amounts to burglary.
The worldwide IoT is expected to expand from 1.2 billion devices in 2015 to 5.4 billion connected devices by 2020, according to one estimate.*
The Hidden Internet of Things
ISACA’s survey of IT and cybersecurity professionals globally depicts an IoT that flies below the radar of many IT organizations – an invisible risk that survey respondents believe is underestimated and under-secured:
- 73 percent estimate the likelihood of an organization, being hacked through an IoT device is medium or high
- 63 percent think that the increasing use of IoT devices in the workplace has decreased employee privacy
- 50 percent say their organization’s BYOD (bring your own device) policy does not address wearable tech
“In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data,” said Christos K. Dimitriadis, International President, ISACA. “The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data.”
According to the cybersecurity and IT professionals surveyed, device manufacturers are falling short. Seventy two percent say they do not believe that manufacturers are implementing sufficient security measures in IoT devices. Moreover 73% respondents don’t think current security standards in the industry sufficiently address the Internet of Things and believe that updates and/or new standards are needed. Privacy is also an issue; 84 percent believe that IoT device makers don’t make consumers sufficiently aware of the type of information the devices can collect.
“As the usage of IoT devices increases in India, it is important that device manufacturers adopt an industry-wide security standard that addresses IoT security. Furthermore, there is a need for them to install rigorous security governance and professional development for their cybersecurity employees. This move will further boost the acceptance of IoT in the country, as our research shows there is a direct relation between positive customer sentiment and companies that can demonstrate credentials,” said Avinash Kadam, Advisor – ISACA India Cybersecurity Initiative.
Ways for Enterprises to Maintain a Cyber-Secure Workplace
- Safely embrace IoT devices in the workplace to keep competitive advantage
- Ensure all workplace devices owned by organization are updated regularly with security upgrades
- Require all devices be wirelessly connected through the workplace guest network, rather than internal network
- Provide cyber security training for all employees to demonstrate their awareness of best practices of cyber security and the different types of cyberattacks
Best Practices for Manufacturers of IoT Devices
- Require all developers who build software to have appropriate performance-based cyber security certification, to ensure safe coding practices are being followed.
- Insist all social media sharing be opt-in.
- Encrypt all sensitive information, especially when connecting to Bluetooth-enabled devices.
- Build IoT devices that can be automatically updated with new security upgrades.
ISACA established Cybersecurity Nexus (CSX) to help organisations develop their cybersecurity workforce and help individuals advance their cybersecurity careers. For information on CSX, including the CSX 2015 cybersecurity conference and the new CSX Practitioner certification, visit https://cybersecurity.isaca.org.
About the Risk/Reward Barometer
The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, the Barometer polls thousands of IT and cybersecurity professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on online polling of 7,016 ISACA members in 140 countries from 27 August to 8 September 2015. Additional online surveys were fielded by M/A/R/C Research among 1,227 consumers in the US, 1,025 consumers in the UK, 1,060 consumers in Australia, 1,027 consumers in India and 1,057 consumers in Mexico. The US survey ran 17-20 August 2015, and the UK, Australia, India and Mexico surveys ran 21-30 August 2015. At a 95 percent confidence level, the margin of error for each individual country sample is +/- 3.1 percent. To see the full results, visit www.isaca.org/risk-reward-barometer.
ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Kristen Kessinger, +1.847.660.5512, firstname.lastname@example.org
Sharon Lobo, email@example.com, +91-9869813869
Madiha Vahid, firstname.lastname@example.org, +91-9819001881
* ABI Research for Verizon, 2015. http://www.verizonenterprise.com/state-of-the-market-internet-of-things/