65 per cent of Australian consumers confident they can control information access of Internet of Things devices, 71 per cent of Australian IT professionals say security standards are insufficient
Is the Internet of Things safe? A new survey from global cybersecurity association ISACA suggests a major confidence gap about the security of connected devices between the average consumer and cybersecurity and information technology professionals.
According to the consumer segment of ISACA’s 2015 IT Risk/Reward Barometer, 65 per cent of Australian consumers are confident they can control the security on the Internet of Things devices they own. Yet according to 7,016 global IT and cybersecurity professionals who responded to a parallel survey, only 22 per cent feel this same confidence about controlling who has access to information collected by Internet of Things devices in their homes—and this number is even lower among Australian IT professionals, at 19 percent. Globally, 72 per cent of IT and cybersecurity professionals say manufacturers are not implementing sufficient security in Internet of Things devices.
More than three in four AU consumers (81%) consider themselves somewhat or very knowledgeable about the Internet of Things (IoT) and the average estimated number of Internet of Things devices in their home is six. Smart TVs top the list of most wanted Internet of Things devices to purchase in the next 12 months, with wireless fitness trackers and smart watches also ranked highly.
The Hidden Internet of Things
ISACA’s survey of IT and cybersecurity professionals depicts an Internet of Things that flies below the radar of many IT organisations – an invisible risk that survey respondents believe is underestimated and under-secured. Among the Australian respondents:
- 61 percent believe their IT department is not aware of all of their organisation’s connected devices (e.g., connected thermostats, TVs, fire alarms, cars)
- 72 percent estimate the likelihood of an organisation being hacked through an Internet of Things device is medium or high
- 57 percent think that the increasing use of Internet of Things devices in the workplace has decreased employee privacy
The Internet of Things for business-to-business use alone is expected to expand from 1.2 billion devices in 2015 to 5.4 billion connected devices worldwide by 2020, according to one estimate.* “In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security for INTRALOT. “The rapid spread of connected devices is outpacing an organisation’s ability to manage it and to safeguard company and employee data.”
According to AU cybersecurity and IT professionals surveyed, device manufacturers are falling short. Seventy-five per cent say they do not believe that manufacturers are implementing sufficient security measures in Internet of Things devices. A nearly equal proportion (71%) don’t think current security standards sufficiently address the Internet of Things and believe that updates and/or new standards are needed. Privacy is also an issue; 90 per cent believe that device makers don’t make consumers sufficiently aware of the type of information the devices can collect.
ISACA’s consumer research suggests that AU consumers are likely to value businesses that can demonstrate their expertise in and commitment to cybersecurity best practices: fully 93 per cent of AU consumers say it is important that data security professionals hold a cybersecurity certification if they work at organisations with access to the consumers’ personal information.
“It’s not a case of if, but when a device manufacturer is hacked. We’ve already seen improvements made by companies that adopt industry-wide security standards, and device manufacturers should do the same. By adopting security standards and setting security governance and professional development for their cybersecurity employees, companies can be more cyber resilient,” said Garry Barnes, practice lead, Governance Advisory, at Vital Interacts, Australia, and international vice president of ISACA. “It’s also good for business—the research shows that customers want their IoT devices to be secure and data to remain private.”
Ways for Enterprises to Maintain a Cyber-Secure Workplace
- Safely embrace Internet of Things devices in the workplace to keep competitive advantage.
- Ensure all workplace devices owned by organisation are updated regularly with security upgrades.
- Require all devices be wirelessly connected through the workplace guest network, rather than internal network.
- Provide cybersecurity training for all employees to demonstrate their awareness of best practices of cybersecurity and the different types of cyberattacks.
Ways for Consumers to Protect Internet of Things Privacy and Security
- Require all developers who build software to have appropriate performance-based cybersecurity certification to ensure safe coding practices are being followed.
- Insist all social media sharing be opt-in.
- Encrypt all sensitive information, especially when connecting to Bluetooth-enabled devices.
- Build Internet of Things devices that can be automatically updated with new security upgrades.
ISACA established Cybersecurity Nexus (CSX) to help organisations develop their cybersecurity workforce and help individuals advance their cybersecurity careers. For information on CSX, including the CSX 2015 cybersecurity conference and the new CSX Practitioner certification, visit https://cybersecurity.isaca.org.
About the Risk/Reward Barometer
The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, the Barometer polls thousands of IT and cybersecurity professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on online polling of 7,016 ISACA members in 140 countries from 27 August to 8 September 2015. Additional online surveys were fielded by M/A/R/C Research among 1,227 consumers in the US, 1,025 consumers in the UK, 1,060 consumers in Australia, 1,060 consumers in India and 1,057 consumers in Mexico. The US survey ran 17-20 August 2015, and the UK, Australia, India and Mexico surveys ran 21-30 August 2015. At a 95 per cent confidence level, the margin of error for each individual country sample is +/- 3.1 percent. To see the full results, visit www.isaca.org/risk-reward-barometer.
ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
* ABI Research for Verizon, 2015. http://www.verizonenterprise.com/state-of-the-market-internet-of-things/