IoT device makers have little faith in the security of their products

Devices are being churned out at record rates, but security remains “an afterthought”, says new study

The public-facing stance of your average IoT device manufacturer when it comes to security is one of reassurance. But the overwhelming majority of IoT device makers fear the products they’re making are vulnerable to threats, according to a new survey from security vendor Irdeto.

The company surveyed 700 security decision makers representing organisations in healthcare, transport, manufacturing and IT, to gauge the state of IoT security. The survey revealed that 82 percent of organisations that manufacture IoT devices are concerned the devices they make are not adequately secured from cyber attacks.

The survey also found that 93 percent of manufacturers believe the security of their devices could be improved, either to some extent or a great extent. Although that is unsurprising given the volume of exploits routinely discovered. 45 percent of respondents said the software running on devices is the main security soft spot.

“This goes to show that for many manufacturers of IoT devices, security is still an afterthought instead of something that should be implemented at the very beginning,” the report reads.

Only half of IoT device manufacturers provide security updates throughout the lifetime of their devices, leaving many users out in the cold once warranties have expired.

As we have previously argued, manufacturers need to start viewing IoT security as an opportunity rather than an inconvenience and develop new business models accordingly. Thankfully, almost all (99 percent) of manufacturers now agree that security should no longer be thought of as a cost centre.

With the average cost of an IoT-related cyber attack standing at a steep $330,602 (£262,028) Jaco Du Ployoy, VP of IoT Security at Irdeto, advised companies to be vigilant about the risks before investing in IoT solutions.

“Organisations must understand the scope of their current risk, ask hard cyber security-centric questions to vendors and work with trusted advisors to safely embrace connectivity in their manufacturing process. Then organizations must incorporate multiple layers of security into their defences,” he said.