Enterprises have begun sustaining major losses stemming from the lack of good practices as they move forward with incorporating the Internet of Things (IoT) into their business models, according to a new study from DigiCert.
The study found that among companies surveyed that are struggling the most with IoT security, 25% reported IoT security-related losses of at least $34 million in the last two years.
These findings come amid a ramping up of IoT focus within the typical organization. More than four in five (83%) respondents indicated that IoT is extremely important to them currently, while 92% they anticipate IoT to be extremely important to their respective organizations within two years.
The survey was conducted by ReRez Research in September 2018, with 700 enterprise organizations in the US, UK, Germany, France and Japan from across critical infrastructure industries.
Top concerns
Security and privacy topped the list of concerns for IoT projects, with 82% of respondents stating they were somewhat to extremely concerned about security challenges.
“Enterprises today fully grasp the reality that the Internet of Things is upon us and will continue to revolutionize the way we live, work and recreate,” said Mike Nelson, vice president of IoT Security at DigiCert.
“Securing IoT devices is still a top priority that many enterprises are struggling to manage; however, integrating security at the beginning, and all the way through IoT implementations, is vital to mitigating rising attacks, which can be expected to continue. Due diligence when it comes to authentication, encryption and integrity of IoT devices and systems can help enterprises reliably and safely embrace IoT.”
Top vs. bottom performers
To give visibility to the specific challenges enterprises are encountering with IoT implementations, respondents were asked a series of questions using a wide variance of terminology. Using standard survey methodology, respondents’ answers were then scored and divided into three tiers:
- Top-tier: Enterprises experiencing fewer problems and demonstrating a degree of mastery mitigating specific aspects of IoT security.
- Middle-tier: Enterprises scoring in the middle range in terms of their IoT security results.
- Bottom-tier: Enterprises experiencing more problems that were much more likely to report difficulties mastering IoT security.
IoT security missteps
Respondents were asked about IoT-related security incidents their organizations experienced within the past two years. The difference between the top- and bottom-tiers was unmistakable.
Companies struggling the most with IoT implementation are much more likely to get hit with IoT-related security incidents. Every single bottom-tier enterprise experienced an IoT-related security incident in that time span, versus just 32% of the top-tier.
These security incidents were not trivial. Among companies surveyed that are struggling the most with IoT security, 25% reported IoT security-related losses of at least $34 million in the last two years.
The top five areas for costs incurred within the past two years were monetary damages, lost productivity, legal/compliance penalties, lost reputation and stock price hits.
Meanwhile, although the top-tier enterprises experienced some security missteps, an overwhelming majority (almost 80%) reported no costs associated with this those missteps.
Top-tier enterprises attributed their security successes to practices including encrypting sensitive data, ensuring integrity of data in transit, scaling security measures, securing over-the-air updates, and securing software-based encryption key storage
“When it comes to accelerating implementations of IoT, it’s vital for companies to strike a balance between gaining efficiencies and maintaining security and privacy,” Nelson said. “This study shows that enterprises that are implementing security best practices have less exposure to the risks and resulting damages from attacks on connected devices. Meanwhile, it appears these IoT security best practices, such as authentication and identity, encryption and integrity, are on the rise and companies are beginning to realize what’s at stake.”
First published in Networks Asia