Scary IoT Adoption Revealed
What is happening with cybersecurity in many companies today reminds me of the horror movies that are so popular this time of year. Viewers clearly see the danger ahead, but those involved in the action do not always take proper precautions to protect themselves.
In fact, as the recently published "PKI and IoT 2019 Global Trends Study" illustrates, despite the progress made in some areas of Public Key Infrastructure (PKI) security, companies continue to miss the mark on basic best practices.
PKI is a strategic part of the IT core, but the lack of security skills and resources leaves companies vulnerable and unprepared for the future. The expansion of the Internet of Things, and the cybersecurity challenges it presents, only exacerbates this problem.
There is a growing awareness of the importance of cybersecurity
We partnered with the Ponemon Institute to create this study. It is based on the research firm's survey of over 1,800 IT security professionals in 14 countries and regions worldwide. We unveil the findings this month to coincide with National Cybersecurity Awareness Month.
National Cybersecurity Awareness Month (NCSAM) is an effort by the National Cyber Security Alliance (NCSA), which launched the initiative in 2004 in conjunction with the U.S. Department of Homeland Security. NCSAM is a joint public-private effort to raise awareness of the importance of cybersecurity. This year's theme is: Own IT. Secure IT. Protect IT.
Leading companies, including ADP, American Express Corp, Bank of America, Comcast, Eli Lilly and Co, Facebook, Google, Marriott International, Mastercard, Raytheon, Uber, US Bank and Wells Fargo & Co, are on the NCSA board. This list helps to illustrate the importance that some of the largest and most important companies in the world now attach to cyber security.
But there is still work to be done, especially when it comes to IoT security
However, as our research indicates, many companies do not prioritize IoT security measures that counteract the most feared cyber threats. And that makes them vulnerable to attacks.
Respondents find that the main IoT threats are disruption of the function of an IoT device (68%) and remote control of the device by an unauthorized user (54%). Interestingly, however, security practices such as delivering patches and updates to IoT devices to prevent such alterations ranked last in the list of top 5 IoT security capabilities.
This is a real problem, especially given that the cyber security gap is widening and deepening as the number of IoT devices increases. Forecasts suggest that more than 30 billion IoT devices will be in service by 2020. This is an increase from the currently estimated 27 billion IoT devices.
Our research suggests that about 42% of IoT devices in use will rely primarily on digital certificates for identification and authentication in the next two years. But far fewer IoT devices and platforms leverage encryption. Only 28% of IoT devices use encryption, and only a quarter of IoT repositories and data platforms use encryption.
There is some good news, but PKI best practices are not where they should be
On the positive side, IoT is the fastest growing trend driving the deployment of PKI applications, with 20% growth over the last five years. In addition, organizations are expanding the reach of their PKIs.
Our research also suggests that companies are more rigorous in terms of PKI security in some areas. Fewer are using only a password to secure certificate authority (CA) administrative access (a 6% drop from the 2018 level), and more are using Hardware Security Modules (HSMs) to manage CA private keys (a 3% increase over 2018).
However, many organizations are missing the mark when it comes to PKI best practices.
Almost a third (30%) of the organizations surveyed by Ponemon admitted that they do not use any certificate revocation, and a whopping 68% said they struggle to establish clear PKI ownership despite significant reliance on it. These answers, and the fact that their 5-year trend is showing little progress, say a lot about real-world PKI operational challenges.
Implementing best practices can change this, safeguarding businesses and customers.
Ponemon's research also shows that internal corporate CAs are the most popular option for PKI deployment. Most (80%) financial services organizations use internal corporate CAs. This approach is used by 63% of the general survey group, a number that has increased by 19% in the last five years.
But sometimes, outsourcing can help. This survey revealed signs that companies that leverage accredited external hosted services can reap the benefits of best practice when it comes to cybersecurity. Whether you maintain PKI internally, use external services, or a combination of both, nCipher and its parent company, Entrust Datacard, can help. nCipher nShield Hardware Security Modules.
Businesses becoming vulnerable to cyberattacks by failing to prioritize PKI security
The 2019 PKI and IoT Global Trends Study, conducted by the Ponemon Institute research firm and sponsored by nCipher Security, is based on feedback from more than 1,800 IT security professionals in 14 countries/regions.
The study found that IoT is the fastest growing trend driving public key infrastructure (PKI) application deployment, with a growth of 20% over the last five years.
Respondents mentioned concerns about a number of IoT security threats, including alteration of IoT device function through malware or other attacks (68%) and remote control of a device by an unauthorized user (54%). However, respondents rated the delivery of patches and upgrades to IoT devices, the capability that protects against this major threat, last in a list of the top five IoT security capabilities.
The study also found that over the next two years, an average of 42% of IoT devices will rely mainly on digital certificates for identification and authentication. But encryption use for IoT devices, and for IoT platforms and IoT data repositories, is only 28% and 25% respectively.
"The scale of IoT vulnerability is staggering: IDC recently predicted that there would be 20.6B IoT devices connected by 2025, generating 79.4 zettabytes of data," said John Grimm, senior director of strategy and business development at nCipher Security.
"There is no point in collecting and analyzing IoT-generated data and making business decisions based on it, unless we can rely on the security of their devices or their data. Creating trust begins with prioritizing security practices that counteract the major threats of IoT and ensure the authenticity and integrity of the entire IoT ecosystem."
PKI is strategic, but organizations are leaving themselves vulnerable and unprepared
PKI is the core of the IT infrastructure for many organizations, enabling security for critical digital initiatives such as the cloud, mobile device deployment, and IoT.
Most respondents use PKI widely in their organizations, for SSL/TLS certificates (79%), private networks and VPNs (69%), and cloud-based public utilities and services (55%). However, more than half (56%) believe that PKI is unable to support new applications.
In addition, many respondents see significant technical and organizational barriers to the use of PKI, including the inability to change legacy applications (46%), inadequate skills (45%), and resources (38%).
Business PKI security best practices are mixed
Particularly jarring in terms of its implications, almost one-third (30%) of organizations are not using any certificate revocation techniques. More than two-thirds (68%) cite "no clear ownership" as their major PKI challenge.
But some companies are applying more security to PKI in certain areas. The proportion of respondents using "password only" for Certification Authority administrators has dropped 6% from 2018, to 24% this year. And 42% of those surveyed said that they were using Hardware Security Modules (HSMs) to manage their private keys.
"PKI use is evolving as organizations approach digital transformation in their businesses. In addition to IoT, more than 40% of our respondents also mentioned cloud and mobile initiatives as drivers of their use of PKI," said Dr. Larry Ponemon, President and Founder of the Ponemon Institute.
"Clearly, the rapid growth of IoT is having a significant impact on the use of PKI, as organizations realize that PKI provides central authentication technology for connected devices. digital initiatives, they need to continue to improve the security maturity of their PKIs."