SEA countries lax on IoT security: Intel study

By Digital News Asia March 2, 2016

Thailand ranks lowest on IoT security awareness, Philippines the highest
Surprising given that SEA may have highest penetration of IoT devices globally

SEA countries lax on IoT security: Intel study

A SURVEY on South-East Asian IT leaders’ outlook on the Internet of Things (IoT) and its impact on the security strategy of the business has found very low levels of awareness and concern.

Of the countries surveyed by Intel Security, Thailand ranked lowest in its IoT security awareness with only 39% of IT leaders recognising the need for enhancements to be made to their security controls, while the Philippines ranked highest as the most aware at 53%.

Singapore, the country with the highest mobile penetration globally, stood at 42%, while Malaysia and Indonesia stood at 46% and 40% respectively, Intel Security said in a statement.

READ ALSO: The promise of a first step with the IoT

The survey was conducted in Singapore, Malaysia, Thailand, Indonesia and Philippines, and showcases analysis from key players in IT organisations, from chief executive officers to developers and system administrators. A total of 1,953 persons responded to the survey, the company said.

The survey findings may come across as surprising at a time when South-East Asia is being considered the biggest penetration market for IoT devices globally.

While the IoT market size in Asia Pacific is expected to grow to US$862 billion in 2020 according to IDC, Intel Security predicts that growing vulnerabilities arising from new technologies such as DDoS (distributed denial of service) attacks and spammed devices will open up new possibilities to hackers and cybercriminals.

“Security is an important aspect of the IoT that needs to be addressed urgently,” said Intel Security’s South-East Asia managing director Craig Nielsen.

“Intel Security predicts that these systems will reach substantial enough penetration levels that they will attract attackers.

“With the evolving threat landscape, security needs to cut across the entire IoT spectrum, whether it is protecting devices, putting in access control measures, writing security code, or looking at security from a policy perspective,” he added.

When asked about their preferred solutions to improve their organisations’ security levels against the backdrop of an IoT implementation, IT leaders from almost all countries agreed on advanced security technologies as being the most important.

Other solutions preferred by all the countries include enforcing better employee security awareness, setting up IT steering committees, and increasing security department staff.

While these various measures are important, Intel Security suggested the adoption of a holistic approach towards security that involves a combination of various technologies and user education.

The IoT is set to be the next disruptive technology with the broadest economic impact globally, with the potential to be worth an estimated US$36 trillion in operating costs, according to McKinsey & Co.

While there are significant economic benefits to collecting and opening up data for sharing, there is also the danger of data being misused. In the light of massive data breaches and data thefts in recent years, substantial efforts are needed to secure IoT-related data across businesses, Intel Security said.

While improved architecture is vital, the efficiency and effectiveness of organisations’ education programmes in ensuring their employees adhere to security policies is equally significant to ensure maximum safety, it added.

Country breakdown

Of the countries surveyed, almost all the IT leaders believed that better detection and analysis tools would be most relevant to ensuring security.

IT leaders from Singapore, Malaysia and the Philippines believed more training around managing incidence response issues over multiple networks would also be useful, while those from Thailand and Indonesia believed more IT security staff would help.

For Indonesia:

59% of organisations don’t see the need for enhancements to be made to their security controls to secure the IoT.

Advanced security technology, better employee security awareness and IT steering committees are the top three solutions mentioned when the IT leaders were asked what they think would help improve their organisations’ security levels against the backdrop of an IoT implementation.

35% of IT leaders believe better detection tools would do the most to improve the efficiency and effectiveness of their staff towards IoT security. In addition, 23% believe better analysis tools would help while 14% believe employing more IT security staff is needed.

For Malaysia:

54% of organisations don’t see the need for enhancements to be made to their security controls to secure the IoT.

Advanced security technology, better employee security awareness and IT steering committees are the top three solutions mentioned when the IT leaders were asked what they think would help improve their organisations’ security levels against the backdrop of an IoT implementation.

36% of IT leaders believe better detection tools would do the most to improve the efficiency and effectiveness of their staff towards IoT security. In addition, 24% believe better analysis tools would help while 14% believe more training around managing incidence response issues over multiple networks is needed.

For the Philippines:

48% of organisations don’t see the need for enhancements to be made to their security controls to secure the IoT.

Advanced security technology, better employee security awareness and IT steering committees are the top three solutions mentioned when the IT leaders were asked what they think would help improve their organisations’ security levels against the backdrop of an IoT implementation.

32% of IT leaders believe better detection tools would do the most to improve the efficiency and effectiveness of their staff towards IoT security. In addition, 25% believe better analysis tools would help while 15% believe more training around managing incidence response issues over multiple networks is needed.

For Singapore:

58% of organisations don’t see the need for enhancements to be made to their security controls to secure the IoT.

Advanced security technology, better employee security awareness and IT steering committees are the top three solutions mentioned when the IT leaders were asked what they think would help improve their organisations’ security levels against the backdrop of an IoT implementation.

33% of IT leaders believe better detection tools would do the most to improve the efficiency and effectiveness of their staff towards ensuring IoT security. In addition, 24% of respondents believe better analysis tools would be help while 14% believe more training around managing incidence response issues over multiple networks is needed.

For Thailand:

61% of organisations don’t see the need for enhancements to be made to their security controls to secure the IoT.

Advanced security technology, better employee security awareness and IT steering committees are the top three solutions mentioned when the IT leaders were asked what they think would help improve their organisations’ security levels against the backdrop of an IoT implementation.

29% of IT leaders believe better detection tools would do the most to improve the efficiency and effectiveness of their staff towards ensuring IoT security. In addition, 23% believe better analysis tools would help while 18% believe more training around managing incidence response issues over multiple networks is needed.

Intel Security recommendations

To effectively secure IP (Internet Protocol) connected devices, security needs be part of the design and not an afterthought, Intel Security said.

Organisations need to adopt a comprehensive IoT strategy that includes: