Two-thirds of executives expect that business efficiencies and productivity will force them to adopt Internet of Things (IoT) devices despite the security risks.
The survey of 404 IT professionals and 302 executives from retail, energy and financial services organisations in the US and UK by Tripwire found that 24 per cent have already connected at least one device to their enterprise networks, while only 46 per cent of respondents say that the risks associated with IoT have the potential to become the most significant risk on their networks.
“The reason many enterprises are relatively ‘unconcerned’ about the security of IoT devices is because they misunderstand the risk,” said Chris Conacher, security development manager at Tripwire.
“They may believe they have ‘solved’ the security problem, when they have not. Alternatively, they may believe that there is no security problem when there is. Frequently, organisations believe that they have nothing of value that would interest an attacker – this is rarely true. For attackers there is always something to be gained, and they’re not always looking for data that has financial value.”
Fewer than one in four IT professionals were confident in the secure configuration of common IoT devices that are already on enterprise networks: with Voice over Internet Protocol (VoIP) phones concerning 21 per cent, sensors for physical security 20 per cent, smart controllers for lights and HVAC 16 per cent, and 19 per cent concerned about point-of-sale devices.
Paul Simmonds, CEO of the Global Identity Foundation, said: “The study highlights the need to be able to build security and identity into the IoT in a standard way so that IoT devices can be on-boarded into whichever environment is required – home, business or national critical infrastructure. A plethora of cloud-based solutions unique to each manufacturer, suppler or even device will lead to chaos and insecurity.”