IT departments are still not ready for the Internet of Things (IoT) – connected devices such as smart watches and cars, an IT and information security body suggests. A global study by ISACA has found that consumers have conflicted attitudes about connected devices.
The 2014 ISACA IT Risk/Reward Barometer shows that the vast majority of US consumers (94 per cent) have read or heard about major retailer data breaches in the past year, and three-quarters say retailer data breaches have increased concerns about their personal data privacy during the same period. The majority (61 per cent) characterise the way they manage data privacy on connected devices they own as Take-Charge rather than Reactive (26 per cent) or Passive (11 per cent). Yet despite knowing about retailer data breaches, fewer than half have changed an online password or PIN code (45 per cent), made fewer online purchases using mobile devices (15 per cent), or shopped less frequently at one or more of the retailers that experienced a data breach (28 per cent).
Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies, said: “One of the most dramatic conclusions from this year’s study is the huge gap between people’s concerns about protecting their data privacy and security versus the actions they take. Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimize the impact of data breaches or hacks.”
As for online shopping, ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with security software, and verify that online transactions are secure by looking for a padlock icon displayed in the browser.
ISACA’s IT Risk/Reward Barometer examines attitudes and behaviours related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 study has a survey of 1,646 ISACA members who are IT and business people around the world, including 452 in the US, and a survey of more than 4000 consumers in four countries, including 1209 in the US.
The potential risk caused by this gap between knowledge and action is amplified by the spread of wearables and other connected devices in everyday life. About a quarter or more of consumers now own or regularly use smart TVs (32 per cent) or connected cars (27 per cent), for example, and more than half of people’s wish lists for the coming year include connected devices (58 per cent).
Among the top consumer concerns about the Internet of Things—defined as devices that connect with each other or to the internet—are someone hacking into the device and doing something malicious (38 per cent), not knowing how the information collected by the devices will be used (22 per cent), and companies or organisations being able to track an individual’s actions or whereabouts (12 per cent).
Wearables at work
Despite privacy and security concerns, wearables are making their way into the workplace:
68 per cent of employed Americans would consider using one or more connected wearable devices in their current workplace, according to the consumer survey.
In fact, one in ten employed Americans would consider wearing smart glasses, such as Google Glass, in their current workplace.
Close to half of ISACA members in the US (45 per cent) believe the risk of the Internet of Things outweighs the benefit for enterprise.
The 110-country survey of ISACA members shows that few IT departments or workplaces in general are ready for the invasion of wearables. Forty percent of US members say their organisation has plans now or expects to create plans in the next 12 months to leverage the Internet of Things, but the majority is not ready for wearable tech. More than half (61 per cent) say their BYOD policy does not address wearable tech and another 16 percent do not even have a BYOD policy.
ISACA members in the US are evenly divided as to whether the benefit of the Internet of Things outweighs the risk for individuals (38 per cent) or the risk outweighs the benefit (37 per cent), but fully 71 percent describe themselves as very concerned about the decreasing level of personal privacy.
Rob Clyde, international vice president of ISACA and CEO of Adaptive Computing, said: “The Internet of Things is here, and following the holidays, we are likely to see a surge in wearable devices in the workplace. These devices can deliver great value, but they can also bring great risk. Companies should take an ‘embrace and educate’ approach.”
ISACA recently established the Cybersecurity Nexus (CSX) as a resource enterprises can turn to for security advice. Visit www.isaca.org/cyber.
For the full survey, including related infographics, video and global results, visit www.isaca.org/risk-reward-barometer.
