Only one in five Australian IT workers feel confident that they can control who has access to information collected by web-connected devices in their homes, compared to 65 per cent of consumers.
This was a finding in the consumer segment of the 2015 IT Risk/Reward Barometer, a new study by global cyber security organisation, ISACA.
The study found a significant confidence gap about the security of Internet of Things devices in the home between consumers and cyber security and IT professionals. These web-connected devices range from smart TVs (the most wanted device over the next 12 months), to wireless fitness trackers and smart watches.
The survey suggested that the Internet of Things is an invisible risk that is under-estimated and under-secured. Globally, 72 per cent of IT and cyber security professionals say manufacturers are not implementing sufficient security in Internet of Things devices.
Almost two thirds (61 per cent) of respondents felt that their IT department was not aware of all their organisation’s connected devices such as thermostats, TVs, fire alarms and cars).
A further 72 per cent estimated the likelihood of an organisation being hacked through an Internet of Things device is medium or high; while 57 per cent said that the increasing use of these devices in the workplace has decreased employee privacy.
The Internet of Things from business-to-business use is expected to expand from 1.2 million devices in 2015 to 5.4 billion by 2020, according to ABI research.
“In the hidden Internet of Things, it is not just connectivity that is invisible. What is also invisible are the countless entry points that cyber attackers use to access personal information and corporate data,” said Christos Dimitriadis, international president of ISACA.
“The rapid spread of connected devices is outpacing an organisation’s ability to manage it and to safeguard company and employee data,” he said.
Dimitriadis highlighted that it’s not a case of if, but when a manufacturer is hacked.
“We’ve already seen improvements made by companies that adopt industry-wide security standards, and device manufacturers should do the same,” he said.
Garry Barnes, international VP at ISACA added that by adopting security standards and setting security governance and professional development for their cyber security employees, companies can be more cyber resilient.
“It’s also good for business – the research shows that customers want their IoT devices to be secure and data to remain private,” he said.
Follow Byron Connolly on Twitter:@ByronConnolly