IOActive, an information security services firm, today released the findings of the IOActive Internet of Things (IoT) Security Survey which revealed that less than 10 percent of IoT devices are adequately secured.
The IOActive IoT Security Survey, conducted in March 2016, revealed that nearly half (47%) of all respondents felt that less than 10% of all IoT products on the market are designed with adequate security. A staggering 85% believe that less than half of IoT products are secure. However, 63% of respondents felt the security in IoT products is actually better than in other product categories – a sobering revelation of the state of security sentiment for categories such as software, computing hardware, and medical devices, etc.
The survey showed that 72% of respondents believe security not adequately designed into products is the single biggest challenge facing IoT security. A majority of the security professionals surveyed also felt that uneducated users and user error (63%) and data privacy (59%) were challenges to IoT security.
As remedies to these challenges, respondents looked to minimum security standards and enforcing mandatory product recalls, updates, or injunctions as the two most effective means for improving IoT product security. Additionally, 83% believe that public disclosure of vulnerabilities on its own is not enough, and that some form of regulatory action would be more effective.
“Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority,” said Jennifer Steffens, chief executive officer for IOActive.
IOActive performs a wide range of security research and provides services to organizations interested in building security into products, including a rapidly increasing percentage in the burgeoning IoT category.