Security in the Internet of Things is neglected

The Japanese IT security company Trend Micro has published the results of a global survey on the Internet of Things (IoT) and its protection. More than 1,150 decision-makers from IT and IT security participated in the survey. Among other things, they were asked about investments made and planned, implementation strategies and technological challenges.

Security plays a secondary role in the Internet of Things

The growing number of networked devices makes companies vulnerable to a variety of cyber threats. Nevertheless, 43 percent of respondents answered that IT security plays only a secondary role in the implementation of IoT projects. Among respondents from Germany, this figure was the highest in the world at 46 percent. While nearly two-thirds of respondents (63 percent) said cyberattacks related to IoT applications have increased in the past 12 months, only half (53 percent) of them classify connected devices as a threat to their business.

The findings also suggest that insufficient security testing may be being done before new devices are added to enterprise environments. The survey also found that companies have experienced an average of three attacks on connected devices in the last 12 months. Just over a third of companies (38 percent) that have implemented or are in the process of implementing IoT solutions have involved IT security experts in the implementation process. Of these, smart factories, smart utilities (31 percent) and wearables (30 percent) each account for about a third (32 percent). But that equally means that a sizable portion of companies worldwide are opening the door to a variety of threats. "Many companies see IoT systems as the future and are therefore deploying new types of connected devices in their network environments," said Udo Schneider, security evangelist at Trend Micro. "While this improves their business processes, it also poses a major problem in terms of new cyber risks, as the built-in operating systems typically cannot be patched easily. Investments in IT security measures should therefore be aligned with investments in upgrading systems. This is the only way to reduce the risk of data loss, which can have a major impact on sales and customer confidence."

Security, accountability, reputation and impact on affected companies

According to the respondents, the most important consequences of a data loss are a loss of customer confidence (52 percent), closely followed by financial damage (49 percent). Although the recently enacted EU General Data Protection Regulation (GDPR) is a high priority for many, the consequences arising from it were rated as significantly less significant. According to respondents, a security-related IoT incident would have a negative impact on the following areas, among others:

• Customer trust (52 percent)
• Financial damage (49 percent)
• Loss of personal data (32 percent)
• Penalties by authorities (31 percent)
• Data security breaches (28 percent)

Companies invest USD 2.5 million per year in the Internet of Things

Data breaches can have a major impact on business processes: For example, they can put companies' GDPR compliance at risk or cripple critical networks. The research confirms that IT security must not be merely a footnote. Instead, it must play a key role in the implementation of IoT projects and processes from the outset. Udo Schneider continues: "The considerable investment in technology shows that IoT solutions offer many benefits for companies. However, IT security must be built into the design of the solutions and IT experts must be involved in the development and implementation process. Otherwise, companies may face damages that far exceed the potential gains of the technology." The findings also show that there is currently heavy investment in IoT technologies: Companies are spending an average of $2.5 million per year. Given the significant financial outlay and the serious impact a cyber attack can have on businesses, IT security should be prioritized to mitigate risks.

Source: www.trendmicro.ch