A staggering 80% of Internet of Things (IoT) applications and 71% of mobile applications are not tested for vulnerabilities, according to a new report released Wednesday. The report, issued by the Ponemon Institute, surveyed 16,450 IT and IT security professionals who worked in mobile and IoT app security at their organization.
One element that could contribute to the poor testing numbers is the lack of QA and testing methods for IoT, which 55% of respondents said was the case. Overall, 84% said that IoT apps, in general, were more difficult to secure than mobile apps, while 69% said mobile apps were more difficult.
Organizations surveyed said they were concerned about attacks occurring through each of these channels. Of the respondents, 58% were more concerned about a breach occurring through an IoT app, while 53% were more concerned about it happening through a mobile app.
Despite the worry, these organizations aren't doing much to mitigate the risk. According to the report, 44% said they aren't taking any steps to prevent an attack, and 11% said they aren't sure if their organization is taking any preventative measures.
Many of these respondents had actually experienced a breach through one of these vectors in the past. About 60% of those surveyed were certain that their organization dealt with a security issue as a result of a mobile app, and 46% were sure of the same occurrence with an IoT app. And, despite the past problems and acknowledged risks, only 32% said they urgently want to secure mobile apps, and 42% said they want to urgently secure apps for IoT, according to the report.
"Factors revealed in this study may help to explain the lack of urgency," said Larry Ponemon, founder of the Ponemon Institute, in a press release. "Respondents voiced minimal budget allocation, and those responsible for stopping attacks are not in the security function, but rather other lines of business. Without proper budget or oversight, these threats aren't being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come."
Additionally, roughly 30% of respondents said that there is sufficient budget allocated to protect these kinds of apps. But, if they were to be the victim of a serious attack, that may cause them to consider increasing the budget.
"Mobile and IoT applications continue to be released at a rapid pace to meet user demand. If security isn't designed into these apps there could be significant negative impacts," Diana Kelley, global executive security advisor at IBM Security, said in a press release.
It should be noted that, while this report was issued by Ponemon, it was sponsored by IBM Security and Arxan, a company that provides mobile and IoT security solutions.
The 3 big takeaways for TechRepublic readers
- Only 20% of IoT apps and 29% of mobile apps are tested for vulnerabilities, according to a new report from the Ponemon Institute.
- Even though many organizations acknowledge the risk of an attack, or have been victims of a breach, many aren't taking any steps to further secure these attack vectors.
- There isn't proper budget or oversight given to these threats, which could explain the lack of urgency, the report found.
- The security tsunami of the Internet of Things is coming, are you ready? (TechRepublic)
- The first big Internet of Things security breach is just around the corner (ZDNet)
- IoT hidden security risks: How businesses and telecommuters can protect themselves (TechRepublic)
- IoT in 2017: Why usage is going to grow, despite the security risks (ZDNet)
- Security experts: what's wrong with Internet of Things security, and how to fix it (TechRepublic)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.