In an already volatile environment, organisations are constantly being warned of the growing threat posed by the Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices as both converge to bring increased productivity and communications. Yet, this strive for better connectivity is presenting significant risks which are causing sleepless nights for security professionals.
A new report which examined the opinions of security professionals towards IoT, and IIoT devices has found connected devices are raising the stakes for industrial security. The IoT and IoT Security Survey by Tripwire, evaluated the opinions of 312 security professionals that manage the security of IoT and IIoT devices and found 99% have reported challenges with the security of IoT and IIoT devices, while 95% admitted to being concerned about the mounting risks associated with these connected devices.
The study also revealed that more than three quarters had stated that connected devices do not easily fit into their existing security approach, and 88% required (or still require) additional resources to meet their IoT and IIoT security needs.
This is of particular concern for those in the industrial space, as more than half (53%) said they are unable to fully monitor connected systems entering their controlled environment, and 61% have limited visibility into changes in security vendors within their supply chain.
“The industrial sector is facing a new set of challenges when it comes to securing a converged IT-OT environment,” said Tim Erlin, vice president of product management and strategy at Tripwire. “In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know.”
Additionally, the survey examined practices and ongoing concerns of security professionals responsible for maintaining a connected environment:
- 88% follow some kind of security standard or framework, and most are audited against the framework.
- But even so, industrial professionals across manufacturing, energy, farm & agriculture, pharmaceutical, chemical, nuclear, waste & water and oil & gas industries believe they would benefit from expanded ICS security standards.
- A total of 97% have concerns about supply chain security, and 87% agree that existing IoT and IIoT security guidelines put their supply chain security at risk.
Erlin added: “It’s understandable that managing supply chain risk is top of mind for industrial security teams given the level of attack we have seen this year. Large-scale supply chain risk isn’t new, so if anything, this should encourage companies to invest in resources that help maintain a more secure environment.”
To learn more, download the report – IoT and IIoT Security Survey