IoT is one of today’s fastest-growing technology trends, but businesses are becoming vulnerable to dangerous cyber attacks by failing to prioritize PKI security, according to new research by nCipher Security, an Entrust Datacard agency.
The 2019 Global PKI and IoT Trends Survey, carried out by the Ponemon Institute research firm and funded by nCipher Security, is based on input from over 1,800 IT security professionals in 14 countries/regions.
Respondents cited concerns about several threats to IoT security, including altering the role of IoT devices through malware or other attacks (68%) and remote control of a system by an unauthorized user (54%).
The study also found that an average of 42% of IoT devices in the next two years would rely primarily on electronic identification and authentication certificates. Yet, according to nCipher’s 2019 Global Encryption Trends Report, encryption for IoT phones and IoT applications and IoT information repositories is only 28 percent and 25 percent respectively.
PKI plays a tactical role, but organizations are left vulnerable and unprepared for many companies to be at the center of the IT infrastructure, allowing protection for essential technological initiatives such as cloud, mobile device delivery, and IoT.
Enterprise PKI security best practices a mixed bag
Nearly a third (30 percent) of organizations use no certification revocation strategies – a particularly jarring share given the consequences. More than two-thirds (68 percent) refer to their top PKI challenge as “no simple ownership.”
Other key findings from the report:
Using HSM as an IoT confidence source dramatically jumped over 2018 (from 10% to 22%).
Notwithstanding an increasing number of PKI implementation options (cloud, controlled and hosted), internal corporate certification authorities (CAs) remain the most common and have risen 19 percent to 63 percent over the past five years–with 80 percent of financial services organizations supporting this option.