A new study from Trustwave and Osterman Research reveals that adoption and security practices are misaligned.
Trustwave has released the “IoT Cybersecurity Readiness Report” which assess the current and future use of Internet of Things (IoT) technologies and corresponding security practices and implementation challenges across organizations in a wide-range of industries. Astonishingly, although most organizations surveyed plan to increase adoption of IoT into operations, only 28 percent consider security strategies specific to IoT as “very important.”
Osterman Research conducted the survey on behalf of Trustwave, primarily with midsize and large organizations with a median of 1,000 employees per organization. Individuals with applied security experience or knowledge were targeted. A total of 137 surveys were completed in November 2017.
Key findings from the Trustwave IoT Cybersecurity Readiness Report include:
IoT use is growing rapidly – Sixty-four percent of organizations surveyed have deployed some level of IoT technology, and another 20 percent plan to do so within the next 12 months. The result will be that by the end of 2018, only one in six organizations will not be using at least a minimal level of IoT technology for business purposes.
Security concerns cited as top barrier to increased IoT adoption – Although greater than half surveyed plan on increasing use of IoT technologies, 42 percent are either unsure or have no plans to increase use. Fifty-seven percent cite security concerns as the number one barrier to greater IoT adoption, followed by “not relevant to operations” at 38 percent and “lack of budget” at 27 percent.
Disparity between IoT use and security – Only 28 percent of organizations surveyed consider that their IoT security strategy is “very important” when compared to other cybersecurity priorities within the organization. More surprising, however, is that greater than one-third believe that IoT security is only “somewhat” or “not” important.
Most have already experienced an IoT-related security incident – Sixty-one percent of those surveyed who have deployed some level of IoT technology have had to deal with a security incident related to IoT. While most of the reported incidents involved actual attacks – e.g., malware infiltration (24 percent of the organizations surveyed) and successful phishing and/or social engineering attacks (18 percent), some were merely attempted attacks, such as misconfiguration attacks (11 percent). Additionally, organizations can be attacked by IoT devices from outside sources even though they have no IoT devices deployed internally. Overall, most believe they will experience an IoT security problem in the future, with 55 percent believing it will happen during the next two years.