Corporate enterprises confounded, confused by the complexities of IoT security

Laura DiDio, Strategy Analytics director, Enterprise
Research and Consulting

“We have met the enemy and it is us,”  says Laura DiDio, Strategy Analytics director of Enterprise Research and Consulting.

A 56% majority of corporate enterprises rank careless end users constitute a bigger threat to corporate IoT security than the combined danger of an edge/perimeter attack and internal security breach by company insiders.

Those are the results of Strategy Analytics 2016 IoT Security Threats and Trends Survey which polled 600 corporations worldwide during November and December 2015.

The Internet of Things (IoT) offers greater opportunities but in interconnected environments, the security risks increase exponentially and the attack vector or surface is in theory, potentially limitless. The survey responses indicate that corporations are confronting an IoT security threat landscape for which they may be woefully ill-prepared.

Among the top survey findings:

  • Majority of companies spend little time on security. A 70% majority of survey respondents spend 0% to 20% of their time on securing their corporate and IoT networksThe survey data indicated that only a seven percent minority of company IT departments devote over 50% of their time to security. Among the companies that allocate a majority of their time to safeguarding the corporate data assets, over two-thirds of those organisations are in Banking/Finance, Government, Defense and Aerospace vertical market segments, according to SA’s survey responses.
  • IT security spending varies widely. The amount of money corporations spend on securing their corporate and IT Security spending varied widely. Tellingly, the largest segment of participants – 40% – was unsure how much their companies spent annually safeguarding the corporate data assets. A 19% minority spend $1 to $20 million annually on security while 11% spend less than $100,000 and 20% reported they do not have a separate IT security budget. The remaining 13% of respondents spend between $101,000 and $999,999 annually on security hardware, software and services.
  • End users constitute biggest threat to IoT security. A 56% majority of respondents said the biggest security threat to their IoT networks was “end user carelessness” followed by 42% who cited “malware”; 32% who said “spyware” and 25% who said Mobile and BYOD devices.
  • More companies experience Hhcks. One-third – 31% of participants said their firms had experienced a hack within the last 12 months vs. 39% that said “No.” However, 25% of participants said they were “Unsure” if their companies had been hacked and the remaining 5% said “they had no way of knowing!”
  • Risky business: 44% of Firms that experienced a security hack were unable to determine the source of the hack, the type of hack or the duration or severity of the hack which puts the business at elevated and extreme risk for a repeat attack. It also indicates that the organisation is unaware of what is going on within its own network. This means that hackers can potentially invade the network and steal, change, hijack valuable data and Intellectual Property without the company’s knowledge and also use the corporate IoT network as an entry point/gateway to other connected partner ecosystems.
  • Denial of service attacks proliferate. DoS attacks at the network, physical and application layers and end user carelessness & failure to turn on security are the most likely causes of successful security hacks. However, in a worrisome trend, nearly four-in-10 businesses – 38% – of survey participants acknowledged they were unable to determine what type of hack their firm had experienced. This means the company also lacked other vital information and it’s likely their data assets, Intellectual Property (IP) and data privacy could have been compromised or stolen without their knowledge. Consequently this places the business, its ends users, customers, business partners and suppliers at increased risk of vulnerability and leaves it open to further security breaches.
  • Few firms successfully detect, repel security attacks. Only six 6% of businesses said they were able to detect and thwart breaches in advance of a successful penetration that disrupted the network or resulted in damage or lost data.

 

slide 4

Conclusions

IoT is a disruptive technology.  It is complex and challenging. Although many aspects and components of IoT are in use today, IoT security and data privacy will demand that vendors, OEMs and corporate end users step up their game with respect to security and data privacy.

Once again, in a world where devices, applications and people are increasingly interconnected, the attack surface is potentially limitless. Organised hackers have become more proficient and the hacks more pervasive and pernicious.  Corporations must be proactive and not reactive with respect to security. The corporation ultimately bears responsibility for the defense of its data and Intellectual Property.

Ask yourself: how much risk can you tolerate? How much loss can you sustain?  What have you got to lose?

Laura DiDio is Strategy Analytics director of Enterprise Research and Consulting.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Make the Intelligent Choice: Embed X103 in Smart City Outdoor Devices

Posted on: April 25, 2024

The adage “less is more” is the current state of digital transformation, starting with existing technology that has already proven successful – and then further adapting and streamlining. The “smart city” embraces this end goal by digitalizing community services where we live and work, such as traffic and transportation, water and power, and other crucial

Read more
top-view-hand-holding smartphone internet communication network

Industrial IoT adoption fuels growth in private cellular networks

Posted on: April 25, 2024

Mission-critical use cases are driving private IoT connection growth in key industrial markets like manufacturing, logistics and transportation. Industrial IoT (IIoT) customers are eager to digitalise critical use cases with high-powered, dedicated networks, making these industries leaders in private 4G and 5G adoption. According to a new report from global technology intelligence firm ABI Research,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more