While the IoT era of products brings innumerable advances and modern conveniences to the lives of consumers, the connected nature of these products creates unintentional ports to other sensitive and critical systems, data, and devices. When security is insufficient in even seemingly harmless household appliances, wearables, or other IoT products, it presents endemic vulnerabilities and risks.
The IOActive IoT Security Survey, conducted in March 2016, revealed that nearly half (47 percent) of all respondents felt that less than 10 percent of all IoT products on the market are designed with adequate security. A staggering 85 percent believe that less than half of IoT products are secure. However, 63 percent of respondents felt the security in IoT products is actually better than in other product categories a sobering revelation of the state of security sentiment for categories such as software, computing hardware, and medical devices, etc.
Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority, said Jennifer Steffens, chief executive officer for IOActive. According to Gartner, 21 billion connected things will be in use by 2020. Its important for the companies that develop these products to ensure security is built in; otherwise hackers are provided with opportunities to break into not only the products, but potentially other systems and devices theyre connected to.
Companies often rush development to get products to market in order to gain competitive edge, and then try to engineersecurity in after the fact. This ultimately drives up costs and creates more risk than including security at the start of the development lifecycle, Steffens concluded.
The survey showed that 72 percent of respondents believesecurity not adequately designed into productsis the single biggest challenge facing IoT security. A majority of the security professionals surveyed also felt thatuneducated users and user error(63 percent) anddata privacy(59 percent) were challenges to IoT security.
As remedies to these challenges, respondentslooked tominimum security standardsandenforcing mandatory product recalls, updates, or injunctionsas the two most effective means for improving IoT product security. Additionally, 83% believe that public disclosure of vulnerabilities on its own is not enough, and that some form of regulatory action would be more effective.
The IOActive IoT Security Survey was completed by attendees (129) of the IOActive IOAsis San Francisco 2016 event March 1-2, 2016.