An alarming lack of cyber protection has been found in 43% of organizations handling equipment impacting health and safety: survey

With the use of connected IoT devices estimated to grow by 9% to hit 27bn IoT connections by 2025, Gartner data has shown that in the past three years, organizations observed cyberattacks on IoT devices in their network are already reaching 20%.

According to a recent Kaspersky report, 43% of IoT-enabled organizations surveyed did not use any protection tools for projects ranging from an Electric Vehicle charging station to connected medical equipment.

Based on a survey of 4,303 IT workers across 31 countries in organizations employing more than 50 people, the report concluded:

  • The lack of protection of IoT devices may be due to the great diversity of such devices and systems, which were not always compatible with existing security solutions.
  • 46% of respondents feared that cybersecurity products can affect the performance of IoT, and 40% found it difficult to find a suitable solution.
  • 40% of respondents cited high costs, 36% cited being unable to justify investment to their top management, and 35% cited lack of staff or specific IoT security expertise.
  • 57% of respondents saw cybersecurity risks as the main barrier to implementing IoT. This could occur when firms struggle to address cyber risks at the design stage and then have to carefully weigh up all pros and cons before implementation.
Source: Kaspersky

One global vendor of industrial IoT solutions commented that IoT projects are “very fragmented, loosely-coupled, domain-specific and integration-heavy in nature” compared to traditional IT projects. In the case of IoT implementation, organizations have to deal with all kinds of legacy systems, physical constraints, domain protocols, multiple vendor solutions, and also maintain a reasonable balance in availability, scalability and security.

A matter of life and limb

When certain aspects of cloud infrastructure have to be leveraged to provide higher availability and scalability, the system has to be open to some extent—then security becomes an enormous challenge.

Commented Stephen Mellor, Chief Technology Officer, Industry IoT Consortium: “Cybersecurity must be front and center for IoT. Managing risk is a major concern as life, limb and the environment are at stake. An IT error can be embarrassing and expensive; an IoT error can be fatal.”

In addition to IoT cybersecurity, other critical aspects include physical security, privacy, resilience, reliability and safety, said Mellow. “And these need to be reconciled: what can make a building secure, (locked doors for example), could make it unsafe if you cannot get out quickly.”