Internet of Things devices–like smart lightbulbs or ovens or even toilets–are notoriously susceptible to being hacked. But the security problems go much deeper than preventing your average smart toaster from becoming a foot soldier in a botnet army.
A new report from the security company Gemalto surveyed 950 companies that both make and use IoT technology, and found that 48% of companies that use IoT devices in the workplace don’t have mechanisms in place to detect if any of their devices are hacked or not… even though nearly all respondents believe that security is an important way to win over customers and 65% believe security is a way to differentiate from the competition.
As the number of connected devices grows–the report states that the industry is on track to see 20 billion IoT devices by 2023–the security of these devices will only become more important. That growing significance is reflected in the percentage of budget companies spend on IoT security, which has increased from 13% in 2017 to 15% today. While budget is increasing, 15% still seems like a laughably small amount to be spending on security in a time when data breaches are in the news every month.
Meanwhile, 79% of the survey respondents are looking to outside entities–governments–to set and enforce tougher standards for security. The survey found that 95% of business leaders thought there should be regulations for IoT security–a stark contrast to the behavior of many American companies that have long sought to avoid regulation. 59% of these companies are looking for the government to answer the question of who is responsible for security.
When asked how their organization views IoT security, 24% believe security is simply the foundation for offering new services (which decreased from 32% in 2017), 15% believe it’s a way to improve the customer experience, and another 14% only see it as a way to avoid the cost of failing to protect data and the ensuing damage to a company’s brand. Surprisingly, only 14% believe that providing security is an ethical consideration–though that number has grown more than three times from Gemalto’s last survey in 2017. The increase in emphasis on ethics reveals that businesses are starting to think more about their role when it comes to securing products against hacks as one of moral responsibility, rather than just as a feature.
As the report concludes, “consumers are clearly not impressed with the efforts of the IoT industry.” 62% of users believe that security needs to get better. After all, it’s 2019. If you can’t build a secure connected product that’s private by design, you really shouldn’t be building a product at all.