The Keyfactor report, “Digital Trust in a Connected World: Navigating the State of IoT Security,” reveals 97% of surveyed organisations struggling to secure their IoT and connected products to some degree. The research survey also found that 98% of organisations experienced certificate outages in the last 12 months, costing an average of over US$2.25 million.
“Organisations worldwide are under mounting pressure to ensure their IoT and connected devices are protected while navigating an increasingly complex digital landscape that requires complete trust,” said
Ellen Boehm, senior vice president, IoT Strategies and Operations at Keyfactor, says the survey demonstrates the importance of identity-first security for those who manufacture IoT devices and those who deploy and operate them in their environment to establish digital trust at scale.
She opines that most organisations implement PKI solutions in their IoT security strategy, which is a huge step in the right direction.
“Ensuring that IoT device security is managed throughout its lifecycle will go a long way in both eliminating costly certificate outages and enhancing the long-term viability of IoT within the enterprise.” Ellen Boehm
Highlights of the survey
Unrelenting attacks: 89% of respondents’ organisations that operate and use IoT and connected products have been hit by cyberattacks at an average cost of US$250K. The March attack on Amazon’s Ring that exfiltrated sensitive customer data such as recorded footage and credit card numbers is an example of the increase in IoT attacks.
In the past three years, 69% of organisations have seen an increase in cyberattacks on their IoT devices.
Boehm says many IoT security strategies fail to prevent and protect against IoT-targeted cyberattacks because organisations lack the proper education and support needed to fully understand the task at hand.
She added that over half of respondents agree that their organisation doesn’t have the proper awareness and expertise to prepare for IoT device cyberattacks, spotlighting the need for more guidance to fully secure their devices.
“Organisations can’t protect against what they cannot understand,” she called out.
Proliferating growth of IoT devices: Respondents reported a 20% average increase in the number of IoT and connected products used by organisations over a three-year period.
IT is not fully confident in the security of IoT and connected devices: About 88% of respondents agree that improvements are needed in the security of IoT and connected products in use within their organisation. 37% of respondents reporting that significant improvement is needed and 60% reported that some improvement is needed.
When it comes to specific strategies, 4 in 10 organisations report that they strongly agree they would benefit from using a PKI to issue digital identities on the IoT and IIoT devices in their environment.
IoT security budgets being diverted to cover costs from outages: While budgets for IoT device security are increasing year over year, with an anticipated increase of 45% in the next five years, 52% of that budget is at risk of being diverted to cover the cost of successful cyber breaches on IoT and connected products.
Pointing fingers on responsibility: 48% believed that the manufacturer of IoT or connected devices should be at least mostly responsible for cyber breaches on their products.