Information Technology (IT) professionals and executives in critical positions in enterprises are still not very serious about the security around the Internet of Things (IoT). The results of a study by Atomik Research, announced by global security compliance solutions Tripwire, Inc on the security of the “Enterprise of Things” in critical infrastructure industries, examined the impact that emerging security threats connected with the IoT have on enterprise security.
Key findings of the study included:
Employed consumers working from home have an average of 11 IoT devices on their home networks, and nearly one in four employed consumers (24 per cent) have already connected at least one of these devices to their enterprise networks.
63 per cent of executives expect that business efficiencies and productivity will force them to adopt IoT devices despite the security risks; however, only 46 per cent say the risks associated with IoT have the potential to become the most significant risk on their networks.
The 2014 Trustwave Global Security Report (http://tripwire.me/1u2c9mS) identifies retailers as the top industry target for cybercriminals, comprising 35 per cent of the attacks studied. However, nearly half of retail IT professionals (46 per cent) were “not concerned” about cybercriminals targeting IoT devices on their network.
Only 8 percent of energy IT professionals were concerned about cybercriminals attacking industrial controllers, but 88 per cent were not confident in the secure configuration of industrial controllers.
Less than one in four IT professionals were confident in the secure configuration of common IoT devices that are already on enterprise networks: Voice over Internet Protocol (VoIP) phones (21 per cent), sensors for physical security (20 per cent), smart controllers for lights and HVAC (16 per cent), point-of-sale devices (18 per cent) and industrial controllers (12 per cent).
The study spoke to 404 IT professionals and 302 executives from retail, energy and financial services organizations in the United States and the United Kingdom. The study whitepaper is available here: http://www.tripwire.com/register/enterprise-of-things-report/.
Respondents were asked how prepared their businesses were for meeting the new and rising challenges of IoT growth in the workplace. The Tripwire study did not include smartphones, Tablets or laptops because the security risks associated with these devices are relatively well understood. Instead, the study focused on IoT device categories already on enterprise networks as well as new device types that are at an inflection point in market adoption.
“The reason many enterprises are relatively ‘unconcerned’ about the security of IoT devices is because they misunderstand the risk. They may believe they have ‘solved’ the security problem, when they have not. Alternatively, they may believe that there is no security problem when there is. Frequently, organisations believe that they have nothing of value that would interest an attacker – this is rarely true. For attackers there is always something to be gained, and they’re not always looking for data that has financial value. From the theft of information or services that can be used to add a veneer of legitimacy to phishing campaigns or user credentials that can be used to gain access to a connection point from which to attack corporate partners, there is always something of value, ” said Chris Conacher, Security Development Manager, Tripwire, in a written statement.
Here’s a video on IoT Security:
Image Credit: Tripwire
– Advertising Message –