The security realities of the Internet of Things
SANS announced results of its 2013 Securing the Internet of Things survey, in which 391 IT professionals answered questions about the current and future security realities of the Internet of Things (IoT).
“The Internet of Things is not just a buzzword, nor is it merely a vision of the sci-fi future. It’s already happening, in every sector of the global economy. Self-parking cars, autonomous drones, smart meters talking to smart appliances in the home, HVAC systems in commercial buildings, wireless-enabled medical devices and wearable fitness gadgets are all examples. Ubiquitous embedded software, often vulnerable and even unpatchable, enabled by 24/7 wireless connectivity, creates an unprecedented level of interconnectivity and complexity,” says SANS Analyst Gal Shpantzer. “This unique survey takes a look at the security community’s perception of the vulnerabilities in the IoT and the threats that would exploit them.”
In the survey, almost 60% of respondents fully understand and find the Internet of Things relevant to their companies and jobs; 43% of respondents are already actively working to secure some of these types of “Things” in their environments.
“The SANS Securing the Internet of Things survey results show that the security community is already aware of the challenges the IoT will bring and that those challenges will require both the evolution of existing security controls and the development of new security processes,” says survey author John Pescatore.
Survey respondents were most concerned about device connections to the Internet (50%), followed by vulnerabilities associated with the command and control channel to the device’s firmware (24%), with another 9% concerned about the firmware itself.
While it’s clear that most organizations are preparing to embrace the IoT, 50% of respondents were not ready to secure an ecosystem of “Things,” and while they acknowledge that their IT staff is responsible for securing their Things, they expect vendors to play a critical role in security of such devices as well.
Pescatore explains, “Security managers will hold the manufacturers of “Things” to higher levels of responsibility for security than they required for PCs and servers.”
Results and insights surrounding security challenges for the IoT will be released on Wednesday, January 15.