IoT cyber threat to increase focus on security, says Gartner

security key on keyboard

Cyber attacks aimed at disrupting businesses will force 40 per cent of enterprises to introduce defence plans by 2018, according to Gartner, up from zero per cent this year.

The analyst firm warned that aggressive business disruption attacks will rise as Internet of Things (IoT) technology becomes more widely adopted by companies, and said CISOs would have to respond by assigning a greater priority to protection plans.

Paul Proctor, vice president and analyst at Gartner, said: "Entirely avoiding a compromise in a large complex organisation is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur.

"Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the internet by attackers. Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack.

"Preventative controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security programme."

More resources must be dedicated to tackling these vulnerabilities, Gartner said, without compromising on service, adding that IoT devices have "expanded the attack surface" available to hackers.

Due to the growing number of connected devices being relied on by businesses and customers, companies can't afford to compromise on availability and must improve detection and response strategies for cyber attacks, the analyst house claimed.

"Balancing investment in detection and response capabilities acknowledges this new reality," Proctor said. "Security is not a technical problem, handled by technical people, buried somewhere in the IT department. Organisations need to start solving tomorrow's problems now."

IoT adoption is set to reach5.4 billion devices by 2020, according to research from Verizon and ABI Research released yesterday, though it added that current enterprise adoption remains low at 10 per cent.

Gartner's comments follow a string of high profile cyber attacks over the last couple of years, with victims including Sony Pictures, which lost 10 terabytes of data to hackers last November, US retailer Target, which lost 70 million customer records in a data breach in 2013, paving the way for a potential $30 million loss through lawsuits.

That's had a knock-on effect on customer trust in those responsible for safeguarding their personal data, according to the 2015 State of Privacy Report from security firm Symantec.

Its survey of 7,000 UK consumers suggest 49 per cent do not believe their data is safe online, with 53 per cent claiming to avoid posting personal details in order to retain privacy.

In terms of who is responsible for data that does exist online, 32 per cent believe it to be the government, 28 per cent businesses and 40 per cent consumers.

Commenting on the report, Professor Udo Helmbrecht, executive director of theEuropean Union Agency for Network and Information Security, said: "Terms of conditions for online services and products are in many cases hidden, long and difficult to understand or misleading.

"We recommend that companies and public sector bodies review their privacy policies and create simple more effective methods of communicating these to consumers. We believe that terms and conditions should be more concise, easy to understand and companies should help customers take control of their data."

Caroline Preece

Caroline has been writing about technology for more than a decade, switching between consumer smart home news and reviews and in-depth B2B industry coverage. In addition to her work for IT Pro and Cloud Pro, she has contributed to a number of titles including Expert Reviews, TechRadar, The Week and many more. She is currently the smart home editor across Future Publishing's homes titles.

You can get in touch with Caroline via email at caroline.preece@futurenet.com.