Security professionals not convinced by IoT security

According to a new survey, 64 per cent of consumers are confident they can control the information access of Internet of Things devices, but 78 per cent of IT professionals say security standards are insufficient.

The findings come from the 2015 Risk/Reward Barometer of global cyber security association ISACA and suggest a major confidence gap about the security of connected devices between the average consumer and cyber security and information technology professionals.

More than three out of four US consumers (83 per cent) consider themselves to be somewhat or very knowledgeable about the IoT, and have an average of five IoT devices in their home. Smart TVs top the list of most wanted IoT device to get in the next 12 months, with internet-connected cameras, connected cars and wireless fitness trackers also ranked highly.

However, the survey of IT and cyber security professionals reveals that there's an aspect to the IoT that exists below the radar of organisations. 50 per cent believe their IT department is not aware of all of their organisation's connected devices, things like connected thermostats, TVs, fire alarms and even cars. The likelihood of an organisation being hacked through an IoT device is medium or high according to 74 per cent of those asked. Also 62 per cent think that the increasing use of IoT devices in the workplace has led to a decrease in employee privacy.

"In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data," says Christos Dimitriadis, international president of ISACA and group director of Information Security for INTRALOT. "The rapid spread of connected devices is outpacing an organisation’s ability to manage it and to safeguard company and employee data".

The survey suggests that some of the fault lies with device manufacturers. 77 per cent of professionals say they don't believe that manufacturers are implementing sufficient security measures in IoT devices. A similar proportion (78 per cent) don't think current security standards sufficiently address the IoT and believe that updates and/or new standards are needed. Privacy is also an issue with 88 per cent believing that device makers don't make consumers sufficiently aware of the type of information the devices can collect.

Whilst consumers are generally less concerned than the professionals, 89 per cent of US consumers say it's important that data security professionals hold a cyber security certification if they work at organisations with access to consumers' personal information.

You can read more on the results on the ISACA website and there's a summary of consumer attitudes in infographic form below.

Image source: Shutterstock/a-image