The amount of money that manufacturers in the UK invest on IoT device security is the second lowest globally, thereby increasing the chances of such devices getting breached by malicious actors.
Consumers and businesses across the world are urging their governments to step in to regulate IoT device security and their encryption standards.
The fact that people in the UK are not very trusting of IoT devices and their security is quite well-known, but a survey by digital security firm Gemalto has revealed some eye-opening reasons to prove why the IoT device security in the UK is probably the lowest in the world at the moment.
According to statistics shared by the firm, the amount of money that IoT vendors in the UK invest in device security is the second lowest globally, with just 9% of their resources committed towards cyber security. Considering that almost next to nothing is being spent on their security, devices sold by such vendors also rank poorly when it comes to encrypting customer data. Gemalto states that only 52% of all data captured on IoT devices is encrypted in the UK.
The lack of investment in IoT device security is also because of the fact that even though over 90% of consumers are worried about the security around their IoT devices, only 19% UK businesses believe that security is the main consideration for consumers when buying a device.
‘With GDPR looming, it’s worrying that UK IoT vendors and internet service providers (ISPs) aren’t as serious about prioritising the security of IoT devices as their counterparts across the world. UK consumers are clearly concerned by their IoT data, and are demanding that the government takes more action to ensure that companies are being responsible with it,’ said Joe Pindar, Director of Product Strategy at Gemalto.
Considering the lack of seriousness among vendors, as many as 79% of organisations and 75% of consumers in the UK are now calling for urgent Government intervention to ensure the security of IoT devices. A legislation to that effect may go a long way in forcing such vendors to invest more on IoT device security compared to other features.
‘With legislation like GDPR showing that governments are beginning to recognise the threats and long-lasting damage cyber-attacks can have on everyday lives, they now need to step up when it comes to IoT security. Until there is confidence in IoT amongst businesses and consumers, it won’t see mainstream adoption,’ said Jason Hart, CTO, Data Protection at Gemalto.
Earlier this month, research by security firm Check Point revealed that as many as a million organisations around the world were affected by a new botnet that could take control over IoT devices like internet routers and remote cameras easily. So far, Botnet-led malware attacks on IoT devices have affected 49% of healthcare organisations, 82% of manufacturing, 76% of retail and 85% of government-owned or issued IoT tech.
The need to make IoT devices cheaper, more accessible and more user-friendly has forced IoT-device makers to pay less heed to security. ‘It’s not always going to a tech guru installing; as this technology becomes more widely available, the average user needs to be able to order, receive, (pre)setup and forget as quickly as possible to make it desirable for the untechnical user to embrace.
‘All of these features make the perfect recipe for disaster- one we have seen before, we will see again, and one which, worryingly, we will continue to see until security becomes a minimum standard for any internet connected device,’ said Mark James, Security Specialist at ESET.