Global survey says security of IoT devices is inadequate in the UK

Most information security professionals in the UK believe that adequate measures are not in place to properly secure Internet of Things (IoT) devices, leading to a huge risk of being hacked. 

That's according to a survey by ISACA of more than 7000 global members. The results were published in the 2015 IT Risk/Reward Barometer which identified, among other things, major uncertainties about the security of IoT devices. 

Three quarters of UK respondents think that device manufacturers are not enforcing security on their products while 73 percent blamed a lack of industry standards. 

Device vulnerabilities were the biggest IoT security concern for 41 percent of UK respondents, and 64 percent said that there is a medium to high risk of IoT devices hacking their firms. Nearly two-thirds admitted that they expect such a cyber-attack in the next year, but only half have confidence in their preparation for this.  

ISACA advised IT buyers to guarantee all devices are updated with patches and can connect via a workplace guest network instead of an internal network. In addition, staff should be fully trained in best practice cyber-security awareness. 

Device manufacturers were advised to ensure their software developers are appropriately certified for cyber-security, encrypt all sensitive information, build IoT devices for easy updating and assert that social media sharing is opt-in.

“With the explosion in popularity and hype around the Internet of Things, it is proving difficult for manufacturers and organisations to keep up with the clear realities and implications for security the IoT represents,” said ISACA international vice president Ramsés Gallego.