Most businesses do not seek new regulations from governments or regulatory agencies. They already have enough rules to play by. But when it comes to the Internet of Things (IoT), many take a different tack and are quite open to strong regulations since they are acutely aware of the many reported hacks or known vulnerabilities in things like webcams, baby monitors, and cardiac devices.
A new survey underscores this sentiment. 96% of business respondents saying there should be IoT security regulation, according to the study of 1,050 global IT and business decision makers conducted by Gemalto, a global digital security vendor based in the Netherlands.
Not only do business people see the need for enhanced IoT security, consumers do as well. The same Gemalto survey finds that 90% of consumer respondents (out of 10,500) believe there should be IoT security regulation. 65% of the same consumers are concerned about a hacker controlling their IoT devices.
Challenges Businesses Face
The leading challenge for companies trying to secure IoT products or services is the high cost of implementation (44%), according to the survey. That means companies either bite the bullet and invest in greater security for products or services or cut corners. The latter is obviously not a wise approach. It leaves customers too vulnerable to shoddy security in the IoT products or services they purchase. If spending remains a barrier, it could spell trouble for the emerging IoT market as a whole. With no baseline of security, IoT technology buyers will remain leery and unlikely to make purchases.
Another concern the study revealed is that only 6 out of 10 businesses encrypt all the data they capture or store via IoT devices. That means 4 out of 10 (or 40%) businesses do not, a major red flag. Not all data flowing from IoT devices is that valuable; the number of times someone turns on or off a connected light bulb is minor. But health records or personal financial details is another matter altogether.
Energy Sector Relatively Secure, So Far
So far, the energy sector has a fairly good record of thwarting attacks against devices, with some exceptions. Things like smart meters, substations, and other grid assets have remained safe for the most part. But there are many attempts to penetrate the grid, like earlier this year when nuclear facilities came under attack. Those attempts are likely to increase as more things connect to the grid through distributed energy resources and behind-the-meter devices like smart thermostats or EV chargers. Without stronger rules and incentives, the risks will rise significantly.
One can understand the desire for more stringent regulations for the IoT. The number of things connecting to the grid and other systems is growing exponentially, and so too the number of potential threats. A strong set of standards throughout the IoT value chain is needed to keep data, systems, and people safe. Strong rules will force vendors to devote the needed resources and money to make it happen sooner rather than later.