2.7 million businesses in the UK are leaving their corporate networks vulnerable to IoT hacks, new research from ForeScout has revealed.
The survey of 500 CIOs and IT managers found significant cause for concern with almost half (47 per cent) of respondents having allowed IoT devices onto their corporate network without changing the default password. With 5.7 million registered businesses in the UK, that means nearly 2.7m are still leaving obvious vulnerabilities in the system for bad actors to exploit. The risk to businesses has been compounded further by 15 per cent admitting they had not kept security patches up to date on all their connected enterprise devices.
Natan Bandler, CEO and Co-Founder of Cy-OT, said “It is not surprising that such a large number of businesses in the UK are leaving themselves vulnerable to IoT hacks; way more than 2.7 million organisations should be worried. IoT devices are the easiest way in and out of an organisation as they are the weakest link in a company’s cybersecurity chain. Organisations have zero visibility into these devices, and they are not protected adequately.
“Even though, according to this research, 85% of businesses are keeping patches up to date, it is basically irrelevant. You can’t expect all devices to be patched; in fact there are often not even relevant patches available for all IoT devices. Organisations should not trust the IoT device itself, patched or not. It needs to protect itself and put mechanisms in place to secure its data and sensitive assets, especially as some of the IoT devices may not belong to the organisation itself.
“Insecure devices are the easiest way to get into an organisation, enabling cybercriminals to scan your network, install malware, conduct reconnaissance and exfiltrate data by bypassing other security mechanisms.
“What is needed is a dedicated cybersecurity solution that is monitoring both the IoT device and its activity, 24 x 7. By doing this, an organisation will be able to detect when and which devices are at risk. The answer does not lie within the device itself, but with a solution that your Security Operations Team can control.”
UK Organisations Lack Device Visibility
The new study conducted by CensusWide and released to coincide with the launch of ForeScout’s new technology innovation, also highlighted that UK businesses have a blindspot when it comes to the number of devices connected to their network. Only 54 per cent of respondents had total confidence they have full visibility and can identify every device on their network.
ForeScout announced new foundational innovations in ForeScout CounterACT® 8 that raise the bar on device visibility and control to mitigate risk, reduce the attack surface and automate incident response across the extended enterprise network – from the campus to data center, cloud and critical infrastructure. The enhanced ForeScout device visibility platform adds increased scalability, cloud-based device intelligence, IoT device assessment, and flexible centralised licensing to help enterprises see and control more than 5 billion IP-connected devices, including traditional, mobile, virtual, IoT and Operational Technology (OT).
Convergence of IT and OT
The visibility challenge for business is only set to increase, with analysts predicting the number of devices on enterprise networks is set to increase from 6.6 billion today to 29 billion in 2020. The research from ForeScout supports this trend with 40 per cent of respondents stating they are planning to increase their operational technology spend on connected devices. However, 7 in 10 (72%) IT Managers are concerned about the security implications of adding additional OT devices to their company’s network.
“The convergence between IT and OT is where businesses are looking to drive some major efficiency gains in 2018, but it makes the challenge of knowing exactly what devices are on your network that much harder,” explained Myles Bray, VP EMEA, ForeScout. “IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption. With GDPR just around the corner businesses need to act now.”
ForeScout has expanded its device visibility platform to deliver:
- Enhanced visibility across some of the fastest growing enterprise devices, including industrial and critical infrastructure systems, IPv6 addressable devices and devices managed by cloud controllers such as Cisco Meraki.
- Increased device intelligence using ForeScout Device Cloud which now houses more than 3 million enterprise devices.
- New IoT risk assessment capability that allows organisations to identify devices with default or weak credentials and automate policy actions to ensure compliance and mitigate risks.
Improved management scale from one million to two million devices per single deployment allows enterprises to keep pace with device growth.
For further information about ForeScout, please visit www.forescout.com