Many enterprises are complacent about IoT security according to new Forrester research, and most lack device visibility
New research has painted a grim picture for IT personnel dealing with the cyber-security aspects of the Internet-of-Things (IoT).
Even worse, more than half of respondents (59 percent) are apparently willing to tolerate a medium to high risk level to IoT devices.
The findings from Forrester and ForeScout differs somewhat from the recent survey findings from Vodafone.
In September Vodafone cited its research that found that just seven percent of organisations with 10,000 or more connecting things are concerned about IoT threats.
But the research from Forrester and ForeScout (which surveyed over 600 global enterprises), found that 77 percent of companies feel the increased usage of connected devices creates significant security challenges.
As a result, 76 percent of respondents said IoT-related anxieties are forcing them to rethink their IT and LoB (line of business) security strategies.
And it seems that enterprises are not confident that they can pass an audit as 82 percent cannot identify all of their IoT/OT devices.
Despite that over half of respondents (59 percent) said they are willing to tolerate a medium to high risk level in relation to compliance requirements for IoT security.
Indeed, many firms (54 percent) are feeling anxious about IoT security, “largely due to the negative business ramifications a security failure can have on critical business operations.”
The Forrester and ForeScout research also found that when asked who is primarily responsible for securing IoT, IT and LoB leaders “did not have a clear answer or delineation of ownership.”
“The survey results demonstrate a dynamic shift in the way organisations are starting to think about security and risk as it relates to IoT,” said Michael DeCesare, president and CEO at ForeScout.
“Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line,” said DeCesare. “Securing IoT is not just a cybersecurity issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility.”
Budgets And Management
IT and LoB managers are also having to deal with budget constraints, a fact cited by both as the greatest barrier to investing in IoT security.
Another problem they are having to contend with is senior leadership scepticism.
But the report warns that without the added investment, security professionals will continue to rely on their traditional security approach to protect IoT/OT (40 percent).
This “prevents organisations from being able to identify all network-connected devices, which opens the door for greater security risk and potential compliance complications.”
The report recommends that a combination of top-down executive support, proper security tools and audits are needed to instill greater confidence in device visibility.
Apparently 48 percent of all respondents stated that improving awareness and visibility of IoT devices is a top priority for improving IoT security and 82 percent of respondents expect their IoT/OT security spend to increase over the next one to two years.
“Businesses can already see the benefits of connecting devices to the network that were not traditionally connected to improve their business processes and functions,” said the Forrester Consulting study, Fail To Plan, Plan To Fail. “Technological advancements have given rise to a deluge of new types of connected devices – i.e., Internet of Things (IoT) – which, in turn, introduce new security threats that enterprises are ill-equipped to combat and even recognise.”
What do you know about the Internet of Things? Take our quiz!