IOActive: Less Than 10% of Internet of Things (IoT) Products Have Adequate Security According to Practitioner Survey

Share Article

Reveals call for minimum security standards

It’s important for the companies that develop these products to ensure security is built in; otherwise hackers are provided with opportunities to break into not only the products, but potentially other systems and devices they’re connected to.

IOActive, Inc., the worldwide leader in research-driven security services, today released the findings of the IOActive Internet of Things (IoT) Security Survey, completed by senior security professionals earlier this year .

While the IoT era of products brings innumerable advances and modern conveniences to the lives of consumers, the connected nature of these products creates unintentional ports to other sensitive and critical systems, data, and devices. When security is insufficient in even seemingly harmless household appliances, wearables, or other IoT products, it presents endemic vulnerabilities and risks.    

The IOActive IoT Security Survey, conducted in March 2016, revealed that nearly half (47%) of all respondents felt that less than 10% of all IoT products on the market are designed with adequate security. A staggering 85% believe that less than half of IoT products are secure. However, 63% of respondents felt the security in IoT products is actually better than in other product categories – a sobering revelation of the state of security sentiment for categories such as software, computing hardware, and medical devices, etc.

“Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority,” said Jennifer Steffens, chief executive officer for IOActive. “According to Gartner, 21 billion connected things will be in use by 2020 . It’s important for the companies that develop these products to ensure security is built in; otherwise hackers are provided with opportunities to break into not only the products, but potentially other systems and devices they’re connected to.”

“Companies often rush development to get products to market in order to gain competitive edge, and then try to engineer security in after the fact. This ultimately drives up costs and creates more risk than including security at the start of the development lifecycle,” Steffens concluded.

The survey showed that 72% of respondents believe security not adequately designed into products is the single biggest challenge facing IoT security. A majority of the security professionals surveyed also felt that uneducated users and user error (63%) and data privacy (59%) were challenges to IoT security.

As remedies to these challenges, respondents looked to minimum security standards and enforcing mandatory product recalls, updates, or injunctions as the two most effective means for improving IoT product security. Additionally, 83% believe that public disclosure of vulnerabilities on its own is not enough, and that some form of regulatory action would be more effective.

IOActive performs a wide range of security research and provides services to organizations interested in building security into products, including a rapidly increasing percentage in the burgeoning IoT category.

For an infographic highlighting the results of the IOActive Internet of Things (IoT) Security Survey, please visit: http://www.ioactive.com/iot.html

For more information on IOActive’s Internet of Things Assurance Services, please visit: http://www.ioactive.com/services/internet-of-things-IoT.html

IOActive will host Evening IOActivated in London on June 7, during Europe’s largest security exhibition. For more information on the event and to register, please visit: http://www.ioactive.com/alerts/evening-ioactivated-is-coming-to-london.html

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit http://www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.

1. The IOActive IoT Security Survey – was completed by attendees (129) of the IOActive IOAsis San Francisco 2016 event March 1-2, 2016.
2. http://www.cnbc.com/2016/02/01/an-internet-of-things-that-will-number-ten-billions.html

Press contact:
Craig Brophy
Global PR Manager, IOActive, Inc.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Craig Brophy
IOActive
+1 206 462 2291
Email >
@IOActive
Follow >
IOActive
since: 08/2009
Like >
Visit website