Cyber security mindset is changing
30 May 2019
Eight in ten organisations have experienced a cyberattack on their IoT devices in the past 12 months, according to new research by Irdeto.
Of those organisations, 90% experienced an impact as a result of the cyberattack, including operational downtime and compromised customer data or end-user safety. This demonstrates the security limitations of many IoT devices and the need for organisations to think carefully about a cybersecurity strategy amidst an IoT deployment.
The Irdeto Global Connected Industries Cybersecurity Survey of 700 enterprises in five countries (China, Germany, Japan, UK and US) also found that organisations in transport, manufacturing and healthcare have suffered substantial losses due to IoT-related vulnerabilities, with the average financial impact as a result of an IoT-focused cyberattack identified as more than $330,000 USD. With IoT in its relative infancy across these sectors, this substantial financial burden is only going to increase if action is not taken. However, it’s not all gloom and doom for these sectors. Of those surveyed, 99% agree that a security solution should be an enabler of new business models, not just a cost. These findings suggest that the previous mindset of IoT security as an afterthought is changing.
“One of the most promising results of the study found that today’s organisations in technology, transport, manufacturing and healthcare are thinking even more strategically about security,” said Steeve Huin, vice president of strategic partnerships, business development and marketing, Irdeto. “This is a clear indication that today’s businesses realize the value add that security can bring to their organisation. From enabling new rental or subscription models in connected vehicles, to Digital Twins revolutionizing the manufacturing processes, to providing patients with even better healthcare, security is the enabler to successfully implementing new and future business models in today’s connected world.”
While the security mindset may be changing, the research also suggests a distinct lack of optimism about the future security of IoT devices within these organisations. Only 7% of respondents stated that their organisation has everything it needs to tackle cybersecurity challenges. 46% stated they need additional expertise/skills within the organisation to address all aspects of cybersecurity. This was followed closely by more effective cybersecurity tools and the implementation of a more robust cybersecurity strategy at 43% each.
Perhaps even more alarming, 82% of organisations that manufacture IoT devices are concerned that the devices they develop are not adequately secured from a cyberattack. Further, a total of 93% of manufacturers and 96% of users of IoT devices stated that the cybersecurity of the IoT devices that they manufacture or use could be improved either to a great extent or to some extent. In the UK, Germany and China, 100% of IoT device users believe that the cybersecurity of the devices they use could be improved either to a great extent or to some extent – an alarming finding, considering that these devices are proliferating rapidly throughout these organisations.
“The benefits brought to a wide range of industries by connectivity and the Internet of Things are not in doubt. However, greater connectivity opens organisations and their customers up to a myriad of additional vulnerabilities that must be considered from the outset,” said Jaco Du Plooy, vice president of IoT Security, Irdeto. “If you want to take advantage of the benefits of connected devices or software, you need to choose wisely where to spend your time and budget. Organisations must understand the scope of their current risk, ask hard cybersecurity-centric questions to vendors and work with trusted advisors to safely embrace connectivity in their manufacturing process. Then organisations must incorporate multiple layers of security into their defenses.”
With IoT-focused cyberattacks becoming more and more common, organisations rightly have several security measures in place. However, the study found that more than one in four organisations (26%) do not have software protection technologies implemented in their business. In addition, fewer organisations have mobile app protection implemented (52%), and fewer still make security a part of the product design lifecycle process (49%). The study also found that only just over half of the organisations surveyed (53%) conduct continuous security and/or code reviews.
However, while it’s clear that many organisations may not have the most robust cybersecurity strategy in place, most are planning on adding to their cybersecurity portfolio in the next year. Of the businesses surveyed, 18% plan on adding software protection in the next year, while 29% plan on adding mobile app protection, 30% plan on making security part of the product design lifecycle and 29% plan on implementing continuous security and/or code reviews in the next year.
The full report on the survey results can be downloaded at: https://go.irdeto.com/connected-industries-cybersecurity-survey-report/