IoT technology is a major cybersecurity headache for businesses

13 Nov 2017

IoT devices present new challenges for firms. Image: only_kim/Shutterstock

With the proliferation of the internet of things in the business environment, companies are growing concerned about security.

In a report commissioned by major cybersecurity firm ForeScout Technologies and carried out by Forrester Consulting, it was revealed that security and line of business (LoB) teams are feeling the impact of internet of things (IoT) and operational technology (OT) advances.

Many of the leaders surveyed expressed their concerns about the negative ramifications an IoT or OT security failure could potentially have on critical business operations, and 82pc of organisations struggled to identify all of their network-connected devices.

Global businesses on IoT challenges

The results were collected from more than 600 global businesses and about 2,500 employees, and 77pc of them agreed that the use of connected devices is creating unprecedented cybersecurity challenges.

“The survey results demonstrate a dynamic shift in the way organisations are starting to think about security and risk as it relates to IoT,” said ForeScout president and CEO Michael DeCesare.

“Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line,” he added.

“Securing IoT is not just a cybersecurity issue, it is a business issue, and operating at any risk level is too much. Enterprises need full visibility.”

IoT anxiety is consuming security professionals

According to the survey results, anxieties around IoT are forcing 76pc of respondents to overhaul their IT and LoB strategies.

More than half of the respondents (54pc) stated that they have anxiety due to IoT security, with LoB leaders having higher amounts (58pc) compared to their IT counterparts (51pc).

This seems to be because LoB leaders require high-level assurances from IT that they currently aren’t getting, and many LoB leaders don’t have adequate cybersecurity skills, so there is also an element of fear of the unknown. As well as this, cybersecurity costs time and money to implement.

Barriers to investment in IoT security

45pc of IT respondents and 43pc of LoB leaders cited financial constraints as the biggest obstacle in the way of investing in security, followed closely by scepticism from senior leaders.

40pc of security professionals surveyed said they continue to rely on their traditional security approach to protect IoT or OT. This strategy prevents organisations from being able to identify all network-connected devices, which opens the door for greater security risk and potential compliance complications.

82pc of all respondents said that if audited, they would not be able to identify all of the devices connected to their network, and 59pc said they are willing to tolerate a medium-to-high risk level in relation to compliance requirements for IoT security. This is a major concern as 90pc of companies are expecting to see their volume of connected devices increase over the next few years.

IT and LoB leaders are not communicating enough

There is confusion between IT and LoB around who is responsible for certain aspects of process-specific IT and IoT devices. When asked who is primarily responsible for securing IoT or OT devices on an enterprise network, 44pc of IT respondents versus 36pc of LoB respondents stated security operations centre professionals.

However, LoB respondents were more likely than IT to prefer a dedicated LoB IT staff or LoB practitioner to be responsible.

This shows that while most companies tend to keep security under the purview of IT, it is becoming more critical for collaboration amongst asset managers, LoB teams and the network teams that are adopting and deploying these connected devices.

Tackling IoT and OT security challenges

The survey found that a combination of top-down executive support, proper security tools and audits instil greater confidence in device visibility.

48pc of all respondents stated that improving awareness and visibility of IoT devices is a top priority for improving IoT security overall, and 82pc of respondents expect their IoT or OT security spend to increase over the next one to two years.

“IoT and OT bring significant benefits to organisations around the world,” said a spokesperson at Forrester. “Enterprises are heading in the right direction when it comes to IoT security investments, and our hope is to bring greater awareness to both the challenges as well as the best practices. However, this survey brings to light that more is needed to be done around IoT security.”

Check out the infographic below for more details.

Infographic: ForeScout

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects