(Image Credit: iStock/PonyWang)
A study conducted by the Ponemon Institute has revealed 80 percent of IoT apps have security vulnerabilities that are putting consumers and organisations at risk.
While the scale of vulnerabilities is concerning, more so is the apparent lack of care about securing apps from the start. 55 percent of the 593 IT security practitioners surveyed claim there is "a lack of quality assurance and testing procedures for IoT apps."
After recent high-profile attacks, there was some expectation IoT device manufacturers and their app developers would improve security testing procedures. The most high-profile attacks were carried out last year using the Mirai botnet which hijacked IoT devices to carry out the largest DDoS attacks in history.
84 percent of the respondents are “very concerned” about the ongoing threat of malware to mobile apps. Interestingly, while still high, fewer of the respondents (66%) are concerned about malware targeting IoT apps in particular.
Security executives are naturally concerned about the risk apps present to their organisations. 79 percent of respondents say the use of mobile apps, and 75 percent of respondents say the use of IoT apps, increase security risk “very significantly” or “significantly”.
There is slightly more concern about being hacked through an IoT app (58%) than a mobile app (53%). This is likely due to sensor information which IoT devices often collect, which can include visual and audio data.
Despite this awareness of widespread security problems, few are doing much to protect themselves and leave vulnerabilities ready to be exploited. They're leaving the virtual door wide open to intruders, which can have very real-world consequences.
Most of these problems are expected to stem from a lack of understanding about the risks from other personnel within the organisation without security backgrounds. Widespread adoption of the IoT is just beginning, so it may take a while before real understanding begins and the risks identified.
Security executives meanwhile need to push for proactive testing and ensure vulnerabilities are fixed and strong cryptographic key protection is utilised to improve the security of IoT devices and their apps. For manufacturers, the focus needs to switch from rushing attractive products to market, to ensuring the products which reach the market are secure. Functionality can often be deployed later, but restoring your company's reputation from a high-profile attack is a difficult task with serious financial implications.
You can find the full study here (PDF)
Are you shocked at the scale of IoT vulnerabilities? Share your thoughts in the comments.
Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.