IoT devices are an enterprise security time bomb

The majority of enterprise players cannot identify IoT devices on their networks -- but that's only the beginning.
Written by Charlie Osborne, Contributing Writer

The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research.

On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise.

The survey, conducted by Forrester Consulting, suggests that IoT and operational technology (OT) are having a serious impact on the way businesses conduct themselves today -- and pose a huge risk due to a lack of information and appropriate security practices.

According to the survey, based on responses from 603 IT and line-of-business (LoB) decision-makers involved in enterprise security teams across the US, UK, Germany, France, Australia and New Zealand, a massive 82 percent of companies are not confident about passing audits as they are unable to identify all IoT and OT devices on their networks.

To make matters worse, when asked who is responsible for the security of such devices, respondents did not have a clear answer.

In total, 54 percent of respondents said that IoT is causing serious anxiety due to security worries and the impact on the business should a failure occur, and LoB employees demonstrated more concern than IT staff at 58 percent to 51 percent respectively.

Executive skepticism was cited as a barrier to investment into IoT security solutions, alongside budget constraints. As a result of having little money to spare, 40 percent of respondents said that their companies continue to rely on traditional security approaches -- which, in turn, prevent a clear view into what devices are connecting to where, and when.

This is a glaring issue for today's firms, which need crystal-clear visibility into networks where BYOD and IoT are common. Failing to identify and isolate malicious devices or suspicious network activity places company networks and information at serious risk.

See also: Internet of Things: The Security Challenge

However, according to the survey, 59 percent of respondents said they were willing to tolerate a medium to high-risk level in relation to compliance requirements for IoT security -- and yet, 90 percent also expect the volume of IoT devices connecting to corporate networks to rise in the next five years.

The research also says that 48 percent of respondents believe improving awareness and visibility of IoT devices should be a top priority for improving IoT security, and 82 percent expect their IoT and OT security spend to increase over the next few years.

"The survey results demonstrate a dynamic shift in the way organizations are starting to think about security and risk as it relates to IoT," said Michael DeCesare, president, and CEO at ForeScout. "Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line. Securing IoT is not just a cybersecurity issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility."

Internet of Things gadgets to make your home smarter

Previous and related coverage

    Your forgotten IoT gadgets will leave a disastrous, toxic legacy

    With IoT devices increasingly a part of the real, physical world, something needs to be done to avoid disaster in the event of a cyberattack against connected systems.

    Internet of Things security woes: Can smarter consumers save the IoT from disaster?

    If consumers become aware of the risks of insecure IoT devices, they could prevent cyberattacks.

    Arm announces PSA security architecture for IoT devices

    Arm hopes the adoption of its new PSA system will help protect trillions of connected devices in the future.

      Editorial standards