Security

80% of IoT apps not tested for vulnerabilities, report says

A new report from the Ponemon Institute, IBM, and Arxan claims that just 20% of IoT apps and 29% of mobile apps are actually tested for vulnerabilities, raising security concerns.

iotsec.jpg
Image: iStockphoto/chombosan

A staggering 80% of Internet of Things (IoT) applications and 71% of mobile applications are not tested for vulnerabilities, according to a new report released Wednesday. The report, issued by the Ponemon Institute, surveyed 16,450 IT and IT security professionals who worked in mobile and IoT app security at their organization.

One element that could contribute to the poor testing numbers is the lack of QA and testing methods for IoT, which 55% of respondents said was the case. Overall, 84% said that IoT apps, in general, were more difficult to secure than mobile apps, while 69% said mobile apps were more difficult.

Organizations surveyed said they were concerned about attacks occurring through each of these channels. Of the respondents, 58% were more concerned about a breach occurring through an IoT app, while 53% were more concerned about it happening through a mobile app.

SEE: Here are the biggest IoT security threats facing the enterprise in 2017

Despite the worry, these organizations aren't doing much to mitigate the risk. According to the report, 44% said they aren't taking any steps to prevent an attack, and 11% said they aren't sure if their organization is taking any preventative measures.

Many of these respondents had actually experienced a breach through one of these vectors in the past. About 60% of those surveyed were certain that their organization dealt with a security issue as a result of a mobile app, and 46% were sure of the same occurrence with an IoT app. And, despite the past problems and acknowledged risks, only 32% said they urgently want to secure mobile apps, and 42% said they want to urgently secure apps for IoT, according to the report.

"Factors revealed in this study may help to explain the lack of urgency," said Larry Ponemon, founder of the Ponemon Institute, in a press release. "Respondents voiced minimal budget allocation, and those responsible for stopping attacks are not in the security function, but rather other lines of business. Without proper budget or oversight, these threats aren't being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come."

Additionally, roughly 30% of respondents said that there is sufficient budget allocated to protect these kinds of apps. But, if they were to be the victim of a serious attack, that may cause them to consider increasing the budget.

"Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn't designed into these apps there could be significant negative impacts," Diana Kelley, global executive security advisor at IBM Security, said in a press release.

It should be noted that, while this report was issued by Ponemon, it was sponsored by IBM Security and Arxan, a company that provides mobile and IoT security solutions.

The 3 big takeaways for TechRepublic readers

  1. Only 20% of IoT apps and 29% of mobile apps are tested for vulnerabilities, according to a new report from the Ponemon Institute.
  2. Even though many organizations acknowledge the risk of an attack, or have been victims of a breach, many aren't taking any steps to further secure these attack vectors.
  3. There isn't proper budget or oversight given to these threats, which could explain the lack of urgency, the report found.

Also see

About Conner Forrest

Conner Forrest is News Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks