Consumers confident they can handle IoT security

A new survey from global cybersecurity association ISACA suggests a major confidence gap about the security of connected devices between the average consumer and cybersecurity professionals.

According to the consumer segment of ISACA’s 2015 IT Risk/Reward Barometer, 65% of Australian consumers are confident they can control the security on the Internet of Things (IoT) devices they own.

Yet according to more than 7000 IT and cybersecurity professionals from around the world who responded to a parallel survey, only 22% feel this same confidence about controlling who has access to information collected by their IoT devices. This confidence was even less amongst Australian IT professionals (19%).

Globally, nearly three-quarters of IT and cybersecurity professionals believe manufacturers are not implementing sufficient security in IoT devices.

The survey also showed many professionals feel IoT flies below the radar of many IT organisations — an invisible risk that is underestimated and under-secured.

Among Australian respondents:

• 61% believe their IT department is not aware of all of their organisation’s connected devices (such as connected thermostats, TVs, fire alarms or cars).
• 72% estimate the likelihood of an organisation being hacked through an IoT device is medium or high.
• 57% think that the increasing use of IoT devices in the workplace has decreased employee privacy.

The vast majority of Australian consumers who responded to the survey (80%) consider themselves somewhat or very knowledgeable about the IoT with the average estimated number of IoT devices in their home amounting to six. Smart TVs, fitness trackers and smartwatches were noted as the most wanted devices to purchase over the next 12 months.

“In the hidden IoT, also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data,” said Christos Dimitriadis, international president, ISACA, and group director of information security, INTRALOT.

“The rapid spread of connected devices is outpacing an organisation’s ability to manage and safeguard company and employee data.”

ISACA’s consumer research also suggests that consumers are likely to value businesses that demonstrate their expertise in cybersecurity best practices.

93% of respondents reportedly said it is important that data security professionals hold a cybersecurity certification if they work at organisations with access to consumers’ personal information.

Image credit: ©iStockphoto.com/Federico Caputo