There is a major confidence gap between the average consumer and cyber security and information technology professionals concerning the security of connected devices, according to ISACA.
A survey from the global cyber security association shows that 64% of US consumers are confident they can control the security on the Internet of Things (IoT) devices they own.
Yet according to more than 7,000 global IT and cyber security professionals who responded to a parallel survey, only 22% feel this same confidence about controlling who has access to information collected by IoT devices in their homes.
Consumers in the UK, India, Australia and Mexico are similarly confident in their cyber self-defense skills, and the majority consider themselves knowledgeable or very knowledgeable about the IoT. This number ranges from 95% of Indian consumers to 76% of UK consumers.
The global average estimated number of Internet of Things devices in the home was six. Smart TVs topped the list of most wanted connected device to buy in the next 12 months, with wearable devices, such as smart watches and fitness trackers, also highly ranked.
ISACA’s survey of global IT and cybersecurity professionals depicts an IoT that flies below the radar of many IT organizations—an invisible risk that survey respondents believe is underestimated and under-secured:
- Nearly half believe their IT department is not aware of all of their organization’s connected devices (e.g., connected thermostats, TVs, fire alarms, cars)
- 73% estimate the likelihood of an organization being hacked through an IoT device is medium or high
- 63% think that the increasing use of IoT devices in the workplace has decreased employee privacy
The IoT for business-to-business use alone is expected to expand from 1.2 billion devices in 2015 to 5.4 billion connected devices worldwide by 2020, according to one estimate.
“In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data,” ICASA international president Dr Christos Dimitriadis said.
“The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data.”
However, the business risk of not embracing the IoT and falling behind competitors may well outweigh any potential cost of a cyberattack, noted Dimitriadis. He added that organizations need to manage the risk to achieve the most benefit.
According to global cyber security and IT professionals surveyed, device manufacturers are falling short. Seventy-two percent say they do not believe that manufacturers are implementing sufficient security measures in IoT devices.
A nearly equal proportion (73%) don’t think current security standards sufficiently address the IoT and believe that updates and/or new standards are needed. Privacy is also an issue; 84% believe that device makers don’t make consumers sufficiently aware of the type of information the devices can collect.