Survey Reveals IoT is Now Biggest Security Risk

A report from the ISACA found that the Internet of Thing (IoT) is now the biggest cybersecurity threat. According to the 2017 State of Cyber Security Study, IoT recently surpassed mobile as the biggest security threat to organisations.

This increased threat comes on the heels of increased adoption of the new technology. According to the study, 97% of organisations that responded to the survey have seen IoT usage increase over the past year. However, this increased uptake in technology has not been matched by an increase in security.

The Internet of Things refers to the growing network of interconnected devices or smart devices. These devices are able to collect and exchange data in an automated process in order to help perform tasks or to learn from a process. In healthcare, this might include devices for remote monitoring or to keep track of inventory. In manufacturing, connected devices can be used to make decisions to streamline processes.

While adoption of new technology may be increasing, there are concerns from security professionals about the readiness of companies to deal with IoT security threats. According to the report, 62% of respondents experienced ransomware attacks in 2016, but only 53% developed a plan to address future ransomware attacks. Similarly, only 31% reported that the test their security controls on a routine basis, while 13% said they never test them.

Security attacks aimed at IoT device vulnerabilities are on the rise, although are less prevalently reported. In November 2016, cybercriminals successfully managed to gain control of the heating controllers for two buildings in Finland. By causing the smart thermostats to continually reboot, the heating was never able to turn on. Since the weather in Finland is frequently below freezing at this time of year, this was a significant security breach.

A lack of funding and investment in cyber security was identified as one possible reason for the increased threat. According to the survey, 48% of respondents don’t feel confident in their staff’s ability to deal with complex security threats. And rather than increase security spend, around half of those surveyed said they will see an increase in their cyber security budget this year, down from 61% in 2016.

As we have mentioned in previous blog posts, increased transparency and a willingness to learn from past mistakes are essential to ensuring security for businesses. If the industry is ever able to fully benefit from the opportunities offered by the Internet of Things, the threats to these smart devices must also be taken into consideration.