A report from security firm Forescout suggests that business executives are increasingly anxious about IoT security.
Forescout’s survey, conducted on the company’s behalf by analysts at Forrester Consulting, reveals that firms are struggling to come to terms with the negative ramifications around IoT security failures.
It explores the impact that IoT and operational technologies are having on organisations and the new tide of cyber security challenges that have followed.
A majority of organisations (82 percent) find it difficult to identify and manage devices connected to their networks, and don’t have a clear idea of who should manage IoT security, either.
Complex security challenges
More than three-quarters of respondents (77 percent) from the 600 global enterprise companies included in the study say the adoption of connected devices is introducing complex security challenges.
And, as a result of this, a similar proportion (76 percent) believe that they need to rethink their IT and LoB security strategies – or risk being attacked by digitally adept criminals.
More than half (54 percent), meanwhile, say they are facing anxiety due to the rise of IoT-related security challenges, with line -of-business (LoB) managers (58 percent) showing greater amounts of concern than their colleagues based in IT teams (51 percent).
“Understanding the magnitude that a breach can have on enterprise operations and not receiving high-level assurances from IT that their devices are secure, can cause higher levels of anxiety in LoB leaders than IT,” the report suggests.
“In addition, overall distress is due to added costs and time needed to manage these devices as well as a lack of security skills.”
Forescout finds barriers
Internal barriers and compliance complications are also leading to greater risk, the report suggests. Forty-five percent of IT bosses and 43 percent of their LoB counterparts report that they’re struggling with budget constraints.
One in four security professionals, meanwhile, continue to rely on traditional security methods, and these don’t always work.
This is not entirely surprising, given that organizations are so frequently unable to identify all their connected devices. In fact, more than four out of five (82 percent) of respondents say they struggle here. Fifty-nine percent are happy to comply with medium- to high-risk regulations related to IoT security.
The good news, perhaps, is that nine out of ten (90 percent) plan to increase IoT investment in the distant future – but to do so successfully, they clearly need to tackle their security anxieties head-on.
Michael DeCesare, president and CEO at ForeScout, said: “The survey results demonstrate a dynamic shift in the way organizations are starting to think about security and risk as it relates to IoT.”
“Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line,” he added.
“Securing IoT is not just a cybersecurity issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility.”