Enterprises risk all in massive IoT and OT security compliance time-bomb

ForeScout Technologies, an Internet of Things (IoT) security company, revealed new findings about the impact IoT and operational technology (OT) are having on organisations and the cybersecurity dilemmas they are causing within security and LoB teams.

The commissioned survey, conducted by leading independent analyst firm Forrester Consulting on behalf of ForeScout, unveiled that security and LoB leaders are experiencing high levels of anxiety due to IoT/OT security concerns, largely due to the negative business ramifications a security failure can have on critical business operations. Furthermore, the majority of these organisations (82%) struggle to identify all of their network-connected devices, and when asked who is primarily responsible for securing IoT, IT and LoB leaders did not have a clear answer or delineation of ownership.

“The survey results demonstrate a dynamic shift in the way organisations are starting to think about security and risk as it relates to IoT. Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line,” said Michael DeCesare, president and CEO at ForeScout. “Securing IoT is not just a cybersecurity issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility.”

According to the survey results collected from over 600 global enterprise businesses, 77% of companies agree that the increased usage of connected devices creates significant security challenges. As a result, 76% of respondents said IoT-related anxieties are forcing them to rethink their IT and LoB security strategies.

“Businesses can already see the benefits of connecting devices to the network that were not traditionally connected to improve their business processes and functions,” according to the commissioned Forrester Consulting study, Fail To Plan, Plan To Fail.

“Technological advancements have given rise to a deluge of new types of connected devices — i.e., Internet of Things (IoT) — which, in turn, introduce new security threats that enterprises are ill-equipped to combat and even recognise. With increased funding and a new security strategy focused on visibility and compliance, companies can begin taking strides forward to reduce their anxiety about IoT and regain confidence that their networks are secure.”

Key findings include:

  • IoT anxiety is consuming security professionals

IoT is causing a new level of complexity and the potential for negative business impacts if a security failure occurs. Survey results show that over half of the respondents (54%) stated that they have anxiety due to IoT security, with LoB leaders having higher amounts (58%) compared to their IT counterparts (51%).

Understanding the magnitude that a breach can have on enterprise operations and not receiving high-level assurances from IT that their devices are secure, can cause higher levels of anxiety in LoB leaders than IT. In addition, overall distress is due to added costs and time needed to manage these devices as well as a lack of security skills.

  • Barriers and compliance complications are leading to risk

IT and LoB respondents cited budget constraints (IT 45%; LoB 43%) as the greatest barrier to investing in IoT security, followed by senior leadership skepticism. Without the added investment, security professionals continue to rely on their traditional security approach to protect IoT/OT (40%). This strategy prevents organisations from being able to identify all network-connected devices, which opens the door for greater security risk and potential compliance complications.

Michael DeCesare

In fact, if audited, 82% said they could not identify 100% of the devices connected to their network. Additionally, over half of respondents (59%) cited that they are willing to tolerate a medium to high risk level in relation to compliance requirements for IoT security. A true concern as 90% of companies are expecting to see their volume of connected devices increase over the next few years.

  • IoT/OT triggers need for a new Symb-IoT-ic relationship across business leadership

The study supports a clear disconnect between IT and LoB leaders, highlighting potential ownership issues around securing process-specific IoT/OT devices. When asked who is primarily responsible for securing IoT/OT devices on an enterprise network, 44% of IT respondents versus 36% of LoB respondents stated security operations centre (SOC) professionals.

However, LoB respondents were more likely than IT to prefer a dedicated LoB IT staff or LoB practitioner to be responsible. While most companies tend to keep security under the purview of IT, it is becoming more critical for collaboration amongst asset managers, LoB teams and the network teams that are adopting and deploying these connected devices. This is important for enterprises as they consider their IoT security strategy, including managing default security configurations and enabling proper visibility of all devices.

  • Tackling IoT/OT security challenges: Taking the right steps forward

The survey shows that a combination of top-down executive support, proper security tools and audits instill greater confidence in device visibility. In fact, 48% of all respondents stated that improving awareness and visibility of IoT devices is a top priority for improving IoT security and 82% of respondents expect their IoT/OT security spend to increase over the next one to two years. When considering the adoption of IoT security solutions, more than half of the respondents (55%) said integration with existing security systems was the most important criteria.

Survey methodology

Commissioned by ForeScout, in August 2017 Forrester Consulting surveyed 603 IT and business decision-makers that are directly involved in their organisation’s network, data and endpoint security processes. Participants were asked about challenges with IoT security and overall awareness of devices on their network. Organisations were located the US, UK, Germany, France, Australia and New Zealand, and had employee counts of 2,500 or more.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Make the Intelligent Choice: Embed X103 in Smart City Outdoor Devices

Posted on: April 25, 2024

The adage “less is more” is the current state of digital transformation, starting with existing technology that has already proven successful – and then further adapting and streamlining. The “smart city” embraces this end goal by digitalizing community services where we live and work, such as traffic and transportation, water and power, and other crucial

Read more
top-view-hand-holding smartphone internet communication network

Industrial IoT adoption fuels growth in private cellular networks

Posted on: April 25, 2024

Mission-critical use cases are driving private IoT connection growth in key industrial markets like manufacturing, logistics and transportation. Industrial IoT (IIoT) customers are eager to digitalise critical use cases with high-powered, dedicated networks, making these industries leaders in private 4G and 5G adoption. According to a new report from global technology intelligence firm ABI Research,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more