A new survey conducted by Altman Vilandrie & Company confirms that nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach. According to the strategy consulting group, anything with an Internet connection can be hacked, creating serious financial and legal exposure for companies and safety concerns for workers and consumers.
“While traditional cybersecurity has grabbed the nation’s attention, IoT security has been somewhat under the radar, even for some companies that have a lot to lose through a breach,” says Altman Vilandrie & Company Director Stefan Bewley, who co-directed the survey.
“IoT attacks expose companies to the loss of data and services and can render connected devices dangerous to customers, employees and the public at large. The potential vulnerabilities for firms of all sizes will continue to grow as more devices become Internet dependent.”
Indeed, the above-mentioned survey reveals the significant financial exposure of leaky IoT security for companies of all sizes, with the cost of the breaches represented 13.4% of the total revenues for companies with revenues under $5 million annually and tens of millions of dollars for the largest firms. Moreover, nearly half of firms with annual revenues above $2 billion estimated the potential cost of one IoT breach at more than $20 million. Perhaps not surprisingly, companies that did not experience a security incursion have invested 65% more on IoT security than those who have been breached.
As we’ve previously discussed on Rambus Press, IoT devices that lack robust security inadvertently allows the establishment of unauthorized communication channels. Indeed, without authentication or encryption protocols, cyber criminals can connect to, hijack and even brick vulnerable IoT devices. It should be noted that IoT systems are particularly susceptible to security lapses, largely because they are at once simpler, yet more difficult and costly to protect. Moreover, developers of such systems tend to be less familiar with the importance of security.
Nevertheless, the industry can still do its best to safeguard IoT devices by leveraging secure hardware provided by the chipset vendor, as well as utilizing on-chip pre-provisioning of unique keys and IDs. In addition, OEMs should focus on the most critical vulnerabilities and choose the most appropriate levels of security based on plausible risks and attack vectors. A complete and scalable security solution can help here, as it will allow both OEMs and services to minimize in-field device setup and customization.
Interested in learning more about IoT security? You can check out our article archive on the subject and download our eBook below.