A recent study out of the UK says that 58% of businesses were unable to detect a security breach in IoT devices.
If you’ve been following Freezenet for some time now, you know that security incidents happen with frightening regularity. Companies are out there admitting that their data has been breached. Cryptopia is one such recent example.
Other times, the people running the service don’t even know their information is potentially compromised. Sometimes, a leak is ultimately reported by their user base. Bethesda’s Fallout 76 game is a good example of that.
Then, there are cases where security researchers stumble upon evidence of a leak or breach. The United States Postal Service is one such example.
One thing all of these incidents have in common is the fact that someone saw something and reported it. It may be a concerned user, a security researcher, or, best case scenario, someone internally noticing something is amiss. A perfectly valid question might be, what happens if no one notices? Security researchers can’t exactly be everywhere at all times after all. Sometimes, breaches happen and the consequences aren’t even known right away. Additionally, mistakes happen within a company.
As it turns out, this is a very real problem. A new study out of the UK paints a rather creepy picture of the state of security. According to Telecoms, a study looking into IoT (Internet of Things) related businesses says that 58% of those companies couldn’t detect a data breach. The report raises concerns about whether the UK is ready for IoT devices because of this:
First and foremost, we need to put a disclaimer on this report. Gemalto is a security company and is thus incentivised to do its best scaremongering to drive revenues. The more scared companies are about potential data breaches, and the punishments which follow the incidents, the more likely they are to buy security software. Making the world a big, bad, horrible place is an effective marketing strategy for security vendors.
That said, considering the lax approach most of the industry takes towards security and data protection, we suspect many of the statistics being discussed are pretty accurate.
“The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices,” said Jason Hart, CTO of Data Protection at Gemalto. “At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.”
The most shocking figure from the report is the 42% of UK companies who are capable of detecting an IoT breach, with only France worse off at 36%. Considering the role IoT has been touted to play over the next few years as 5G hits the streets, this is an incredibly worrying statistic.
It hasn’t been until recent years that industry has really started taking security on traditional websites seriously in general. Some of it is thanks to the very real fines found in Europe’s GDPR where a percentage of global revenue is at stake. Since then, security whistle-blowing has skyrocketed.
It’s very easy for companies to sit down and focus on marketing or creating a product while leaving security as “something we can look into down the road”. Compounding the problem is the fact that with so many leaks and breaches, many end users wind up being lax with attitudes like “well, my information isn’t THAT valuable” or “no big deal, someone else will take care of it”. That ultimately sends the message to a lot of industry leaders that security isn’t that important for their customers to begin with and, ultimately, something that can make do with less funding or resources.
While European laws might help things, the study shows that there is still more that can be done. Unfortunately, this latest study suggests that things will probably get worse before they get better.
Drew Wilson on Twitter: @icecube85 and Google+.