iconimage - Fotolia

IoT security not a priority for Asean organisations

IT leaders in the Asean region need to push IoT security up their priority list, as an Intel survey finds them lagging

Association of Southeast Asian Nations (Asean) organisations are not prioritising security for their internet of things (IoT) developments, according to a survey in the region by Intel Security.

Thailand ranked lowest in terms of IoT security awareness among the five countries surveyed, with 39% of IT leaders recognising the need for security enhancements to their IoT.

The Philippines ranked as the most aware at 53%, while Singapore -- the country with the highest mobile penetration globally -- was 42%. Malaysia and Indonesia stood at 46% and 40%, respectively.

"Security is an important aspect of IoT that needs to be addressed urgently," said Craig Nielsen, managing director of Southeast Asia at Intel Security.

The IoT market size in Asia-Pacific (Apac) is expected to grow from US$408bn in 2013 to US$862bn in 2020, according to research firm IDC. The concern is that connected IoT devices can become an attractive target for hackers as they become more prevalent.

"We predict these systems will reach substantial enough penetration levels that they will attract attackers," said Nielsen.

"With the evolving threat landscape, security needs to cut across the entire IoT spectrum -- whether it is protecting devices, putting in access control measures, writing security codes or looking at security from a policy perspective."

Read more about IoT in the Asean region

IT leaders in the survey almost all agreed on advanced security technologies as being the most important. Other preferred systems include enforcing better employee security awareness, setting up IT steering committees and increasing security department staff.

Almost all of the IT leaders believed better detection and analysis tools would be most relevant to securing systems.

Respondents from Singapore, Malaysia and the Philippines said more training around managing incidence response issues over multiple networks would be useful, while those from Thailand and Indonesia thought more IT security staff would help.

Attitude to IoT security must change

Anmol Singh, principal research analyst at Gartner, agreed that Southeast Asian companies traditionally have a poor appreciation of the importance of IoT security, but he added that this will need to change.

"Given the volatility and serious consequences of recent [security] attacks against automobiles, medical healthcare devices and the power grid, IoT security is increasingly becoming a business imperative among mainstream organisations worldwide," he said.

"The reasons vary from internal security culture of organisations to the inability of suppliers to provide a holistic approach towards security."

This is also because IoT is an immature and rapidly evolving area, with nascent products and technologies associated with IoT. "The lack of a good business model and the immaturity of IoT devices has led manufacturers and security system providers to offer ad-hoc solutions to break into the market and grab [business] opportunity," said Singh.

Singh pointed out that another reason for the low priority on IoT security is the diverse nature of IoT technologies. "Users and enterprises in different industry verticals and regions have distinct requirements. This requires security platforms that address key horizontals," said Singh.

Read more on Internet of Things (IoT)