IoT Security A Top Concern For The Enterprise



Dan Gunderman
11/08/2017

A new survey carried out by Forrester Consulting confirms an underlying fear for IT professionals: IoT device security.

Statistics show that IoT (internet of things) and LoB (line of business) professionals are worried about the security of devices that continue to accumulate on enterprise networks. In fact, a large portion (82%) of the 600 global enterprise business respondents said that they would not be able to identify 100% of the devices hooked up to their network.

The staggering numbers continue, uncovering this (reasonable) fear that enterprise professionals share about their growing networks and capabilities to administer high-end security for all angles.

The inherent anxiety appears to be rooted in the prospect of revenue loss or productivity dips, which can feasibly happen in just minutes in a linked-up DDoS attack.

Each connected device poses a new challenge to CISOs charged with securing it. Seventy-seven percent of the business respondents agreed that this concept poses new problems. That said, 76% of those surveyed confirmed that IoT security has made them rethink their strategies across the board, according to Help Net Security.

See related: Managing The Intersection Of Cyber Security And IoT

While IoT enhancements help streamline certain aspects of business, it is clear more must be done to shore up these widening networks.

Michael DeCesare, president and CEO of ForeScout, said on the matter, “Securing IoT is not just a cyber security issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility.”

Specifically zeroing in on this workplace anxiety, 54% of respondents confirmed that IoT was an anxiety-inducing challenge for their enterprise. LoB leaders showed slightly more anxiety than IT pros (58% to 51%, respectively). It seems LoB leaders may be in the dark a bit more, then – in having to receive assurances about device safety from IT departments.

Regardless of the demographic, though, all statistics show that additional security equates to more money and more energy.

Progressing in IoT security also proves difficult, due to budget constraints. A top-down corporate format means that these decisions are not made in a vacuum – they are carefully deliberated by department heads. As such, C-suite skepticism may partially be to blame in this instance.

See related: 6 Tech Giants Form IoT Cyber Security Alliance

Of those respondents in the IT field, 45% cited their budget as the biggest barrier to investing more intently in IoT security (versus 43% in LoB). Forty percent of security professionals said they are still utilizing traditional approaches for IoT – a setback when it comes to new-device recognition. This segues to what could become a compliance issue upon an audit.

Fifty-nine percent of the respondents said they would tolerate a medium to high risk level when it comes to compliance requirements for IoT. This comes as companies expect to see steady growth in IoT in the near future.

It seems that there is also confusion in task delegation as well. When asked who is charged with securing IoT devices, 44% of IT professionals and 36% of LoB respondents said security operations center (SOC) officials. Those surveyed within LoB were more likely to designate a specific staff or practitioner to carry out the deployment.

The agenda for those charged with IoT activity may be to increase visibility of these devices, and also help further secure passwords. To facilitate this process, more interdepartmental collaboration may be required.

Results show that a steadfast corporate approach to this issue could help remedy potential issues. More audits may need to be carried out as well in the immediate future, to ensure all corners of the network are covered.

That's because 82% of those surveyed predicted that their IoT security spending will likely increase in the next one to two years.