2.7 million businesses in the UK are leaving their corporate networks vulnerable to IoT hacks, new research from ForeScout has revealed. The survey of 500 CIOs and IT managers found significant cause for concern with almost half (47%) of respondents having allowed IoT devices onto their corporate network without changing the default password. With 5.7 million registered businesses in the UK, that means nearly 2.7m are still leaving obvious vulnerabilities in the system for bad actors to exploit. The risk to businesses has been compounded further by 15% admitting they had not kept security patches up to date on all their connected enterprise devices.
UK organisations lack device visibility
The new study conducted by CensusWide and released to coincide with the launch of ForeScout’s new technology innovation, also highlighted that UK businesses have a blindspot when it comes to the number of devices connected to their network. Only 54% of respondents had total confidence they have full visibility and can identify every device on their network.
ForeScout announced new foundational innovations in ForeScout CounterACT® 8 that raise the bar on device visibility and control to mitigate risk, reduce the attack surface and automate incident response across the extended enterprise network – from the campus to data centre, cloud and critical infrastructure.
The enhanced ForeScout device visibility platform adds increased scalability, cloud-based device intelligence, IoT device assessment, and flexible centralised licensing to help enterprises see and control more than 5 billion IP-connected devices, including traditional, mobile, virtual, IoT and Operational Technology (OT).
Convergence of IT and OT
The visibility challenge for business is only set to increase, with analysts predicting the number of devices on enterprise networks is set to increase from 6.6 billion today to 29 billion in 2020. The research from ForeScout supports this trend with 40% of respondents stating they are planning to increase their operational technology spend on connected devices. However, 7 in 10 (72%) IT Managers are concerned about the security implications of adding additional OT devices to their company’s network.
“The convergence between IT and OT is where businesses are looking to drive some major efficiency gains in 2018, but it makes the challenge of knowing exactly what devices are on your network that much harder,” explained Myles Bray, VP EMEA, ForeScout.
“IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption. With GDPR just around the corner businesses need to act now.”
ForeScout has expanded its device visibility platform to deliver:
- Enhanced visibility across some of the fastest growing enterprise devices, including industrial and critical infrastructure systems, IPv6 addressable devices and devices managed by cloud controllers such as Cisco Meraki.
- Increased device intelligence using ForeScout Device Cloud which now houses more than 3 million enterprise devices.
- New IoT risk assessment capability that allows organisations to identify devices with default or weak credentials and automate policy actions to ensure compliance and mitigate risks.
Improved management scale from one million to two million devices per single deployment allows enterprises to keep pace with device growth.