Enterprises in the UAE and KSA leaving IoT devices vulnerable: nCipher Security
New report reveals cloud-based services are the leading driver for PKI in the Middle East
Enterprises are leaving themselves vulnerable to cyberattacks by failing to prioritise PKI security, according to new research from nCipher Security.
The 2019 Global PKI and IoT Trends Study, conducted by research firm the Ponemon Institute and sponsored by nCipher Security, is based on feedback from more than 1,800 IT security practitioners in 14 countries/regions, including the UAE and Saudi Arabia in the Middle East.
According to the study, 56% of IT security professionals in the Middle East said cloud-based services are most likely to be driving the deployment of applications that make use of public key infrastructure (PKI), followed by mobile devices (46%) and IoT (37%). Globally, however, the Internet of Things (IoT) was found to be the fastest-growing trend driving PKI application deployment, with 20% growth over the past five years.
Respondents cited concerns about several IoT security threats, including altering the function of IoT devices through malware or other attacks (62%) and remote control of a device by an unauthorised user (60%). A positive indicator, however, is that Middle East respondents rated delivering patches and updates to IoT devices, the capability that protects against that top threat, as one of the four most important IoT security capabilities today. Protecting the confidentiality and integrity of data pulled from the device was listed as the most important IoT security capability for the UAE and KSA.
“The scale of IoT vulnerability is staggering – IDC recently forecasted that there will be 41.6B connected IoT devices by 2025, generating 79.4 zettabytes of data,” said John Grimm, senior director of strategy and business development at nCipher Security. “There is no point in collecting and analysing IoT-generated data, and making business decisions based upon it, if we cannot trust the security of devices or their data. Building trust starts with prioritizing security practices that counter the top IoT threats, and ensuring authenticity and integrity throughout the IoT ecosystem.”
PKI is at the core of the IT infrastructure for many organisations in the UAE and KSA, enabling security for critical digital initiatives such as cloud, mobile device deployment, and IoT. However, an overwhelming majority cite continued barriers to enabling applications to use PKI. These include the inability of existing PKI to support new applications (66%), insufficient skills (43%) and no ability to change legacy apps (39%).
Enterprise PKI security best practices a mixed bag
Nearly a third (30%) of organisations globally – an especially jarring share considering the implications – are not using any certificate revocation techniques. Here in the Middle East, more than three quarters (77%) of respondents cite “no clear ownership” as their top PKI challenge, followed by insufficient resources (57%) and insufficient skills (51%).
But some enterprises are applying more rigor to PKI security in certain areas. The share of respondents in the UAE and KSA using “password only” for Certificate Authority administrators has dropped significantly, from 55% in 2018 to 28% this year. The use of offline root Certificate Authorities (CAs) has also increased (from 20% to 24%).
Philip Schreiber, regional director, Middle East, Africa and South Asia at nCipher Security, adds: “A key takeaway from the findings of the report for the region is the need to invest not only in mobilising resources but also in honing talents to drive the ongoing focus on digital transformation, given that the region is now attracting local datacentre infrastructure. With the governments placing emphasis on building a digital backbone that drives all operations – from governance to business best practices – ensuring the highest standards of cybersecurity is a strategic imperative that organisations must seriously pursue.”