Recent surveys conducted by ISACA, a global cyber-security group headquartered in Rolling Meadows, Illinois, showed a significant confidence gap between average consumers and cybersecurity and information technology (IT) professionals concerning the security of interconnected devices, also known as the Internet of Things (IoT).
ISACA's 2015 IT Risk/Reward Barometer indicated that 64 percent of U.S. consumers believe they can control the security of IoT devices they own, but in a parallel survey taken by more than 2,000 IT and cybersecurity professionals, only 20 percent were confident about the control they had over who had access to information collected on IoT devices in their homes. Additionally, 77 percent of those professionals did not believe manufacturers had put adequate security in place for those devices.
Of the consumers surveyed, 83 percent who owned an average of five IoT devices said they were "somewhat" or "very" knowledgeable about IoT. The device most consumers were planning to purchase in the coming year was a smart TV, followed by Internet-connected cameras, connected cars and wireless fitness trackers.
The survey taken by professionals also showed that half believed the IT departments at the companies for which they worked were not aware of all connected devices in the organization. The survey also found 74 percent thought there was a medium or high risk of their organization being hacked, and 62 percent thought use of IoT devices in the workplace led to less employee privacy.
“In the hidden Internet of Things, it is not just connectivity that is invisible," ISACA International President Christos Dimitriadis, who is group director of information security for INTRALOT, said. "What is also invisible are the countless entry points that cyber attackers can use to access personal information and corporate data. The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data.”
ISACA’s consumer survey also showed consumers had more confidence in businesses that could show expertise with regard to cybersecurity practices.
“Device manufacturers should lead the charge on adopting an industry-wide security standard that addresses IoT security and put in place rigorous security governance and professional development for their cyber-security employees," ISACA Internatonal Vice President Robert Clyde, managing director of Clyde Consulting, LLC, said.