A recent study on Mobile and IoT Application Security, which was conducted by the Ponemon Institute and sponsored by IBM and Arxan Technologies, found out that 80 percent of Internet of Things (IoT) aren't secured and have a lot of vulnerabilities which needs to be tested.
The study surveyed 593 IT and IT security practitioners to find out how much companies are prepared to handle the risks that are created by vulnerabilities in IoT apps.
According to the survey, there is nearly 84 percent of respondents are very concerned about the malware threat to mobile apps, while 66 percent of the respondents are more concerned about a threat to IoT apps. However, 79 percent of respondents say that they are more worried about the risk involve with mobile apps, while 75 percent of them think that the use of IoT apps increases security risk very significantly.
Study also found that respondents are more concerned about getting hacked through an IoT app, 58 percent, rather than a mobile app, 53 percent.
Arxan Technologies Chief Marketing Officer Mandeep Khera told SC Media “the biggest surprise was that a vast majority of the respondents believe that they are likely to get hacked but most of them are not doing much to protect themselves.” “Just seems counter-intuitive,” she said.
Khera warned that the reason behind this might be lack of inertia, lack of awareness, and lack of budget.
“IoT is still fairly new and due to lack of a big visible hack or a regulation, organizations have hard time justifying security initiatives,” Khera said. “However, a hack is coming and in some segments like connected medical and connected automobiles, companies are starting to make good progress in terms of security.”
Khera said that one of the biggest problems that is that most professionals do not understand the potential vulnerabilities and the potential impact of hack on these devices. And to handle these problems the security executives need to know about the IoT app protection.
"Proactive testing, fixing vulnerabilities and binary code as well as cryptographic key protection are some of the ways that companies can mitigate the risks and better secure IoT devices and while companies may go through the software development lifecycle with security in mind, once they throw those out in the wild on end point devices or mobile, binary code and cryptographic keys are vulnerable and easy for hackers to attack", Khera said.
Brad Bussie, CISSP, Director of Product Management, STEALTHbits Technologies told SC Media, “IoT apps are still new enough that usability is outflanking security because security has a reputation of getting in the way. The new IoT apps also lack a common set of standards because of the sheer number of IoT devices providing countless applications.”
Bussie said vendors continue to manufacture insecure devices.
“I always take this back to a simple principle when analyzing risk (Probability of Event) x (Cost of Event) = Risk Value,” Bussie said. “Many companies appear to be running this equation and coming to a simple conclusion; it is cheaper to manufacture devices and applications without proper security.”