US organizations are ramping up their investment in Internet of Things (IoT)-enabled devices at the moment – but do not always seem to be taking the security precautions necessary to defend against the advanced range of threats the technology can bring about.
This is according to a new report from security solutions provider Tripwire, which surveyed more than 220 information security professionals attending the 2016 Black Hat USA conference, finding that many companies may not have adequately prepared themselves for the new technology paradigm that the IoT represents.
When asked whether their organizations had prepared for the security risks associated with IoT devices, only 30 per cent responded in the affirmative, with 37 per cent saying they had not but intended to do so soon, while a further 27 per cent replied with a simple "no". Additionally, five per cent of those polled simply said they were not concerned about IoT security risks.
This is despite the fact that 78 per cent of respondents to the survey said they were worried about the weaponization of IoT devices for the use of DDoS attacks – events that can severely impact the running of a business and create significant risk of reputational damage.
Dwayne Melancon, chief technology officer and vice-president of research and development at Tripwire, said: "The large number of easily compromised devices will require a new approach if we are to secure our critical networks. Organizations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale."
This lax attitude to IoT security is being observed even at a time when only ten per cent of companies say they do not expect the number of IoT devices on their networks to increase in 2017. By contrast, 21 per cent expect to see this number increase by up to ten per cent, while 22 per cent are anticipating a rise of at least 20 per cent, 19 per cent expect an increase of 30 per cent and nine per cent forecast a rise of 40 per cent. Meanwhile, 18 per cent of respondents said their number of IoT-connected systems will surge by at least 50 per cent.
Tripwire's report shows that this rapid growth is not always being accompanied by proper monitoring of the technology. When asked if their organization accurately tracks the number of IoT devices on their network, only 34 per cent gave a positive response, compared to 52 per cent who responded negatively and 15 per cent who said they did not know.
Tim Erlin, director of IT security and risk strategy for Tripwire, said: "The IoT presents a clear weak spot for an increasing number of information security organizations. As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks.
"By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced."