As the U.S. government looks to introduce new legislation that will require Internet of Things (IoT) devices to bake in more security measures, new survey data from Netsparker this week suggests the move could be coming just in time.
Web application security provider Netsparker released data on Thursday that found 52 percent of web developers think IoT and smart home technologies are the most vulnerable technologies to attacks, more vulnerable than web apps and online services (41 percent). Smart TVs, connected cars, and ATMs are also at higher risks of hacking than other technologies, developers say.
Developers said that companies attitudes around what they don’t know won’t hurt them could be doing damage to their security posture. Between a lack of IT understanding and budget (57 percent each, respectively), followed by an absence of concern (39 percent), and the fact that cybersecurity is too complicated to understand (30 percent) all indicate that management needs to take security more seriously.
Sixty-one percent of developers surveyed feel that the government is the most vulnerable sector to hacking, followed by the financial services industry, which 50 percent of developers agree is the most at risk.
More developers feel that media (44 percent) and communications (32 percent) are more vulnerable to hacking than healthcare (31 percent).
Interestingly, while the survey was conducted at the beginning of July through third-party research company Propeller Insights, it seems that these respondents were right about media being at risk. Just this week, hackers stole 1.5 terabytes of data from HBO, resulting in the unauthorized release of several upcoming episodes and scripts from Ballers, Insecure, and Game of Thrones. HBO executives continue to investigate whether the hackers also breached company communications.
The survey also asked developers to weigh in on the issue of election hacking, and found that 57 percent of developers feel that democratic governments are vulnerable to election hacking because political parties lack the adequate IT and security expertise, and are using outdated and potentially insecure polling equipment (54 percent).
“Because of recent election-related events, it’s not surprising that developers and IT professionals have so little confidence in the ability of governments to prevent hacking. But the reality is that all organizations and enterprises should take precautions to prevent data breaches,” Netsparker CEO Ferruh Mavituna said in a statement.
Election hacking in the U.S. got a lot of air time this year with questions around Russian interference in the presidential election, but governments around the world have been grappling with the issue for decades. Last year, in a profile of notorious political hacker Andrés Sepúlveda, Bloomberg said that he and his team rigged major political campaigns across Latin America: “For $12,000 a month, a customer hired a crew that could hack smartphones, spoof and clone Web pages, and send mass e-mails and texts. The premium package, at $20,000 a month, also included a full range of digital interception, attack, decryption, and defense.”
At Defcon last week, participants showed how easy it is to hack a voting machine, taking just an hour and a half to break into the WinVote machine, which had a number of serious flaws.