IoT has too many devices and not enough security
As Internet of Things devices expand their reach into the enterprise, they make greater demands on security.
New research from cyber security specialist ForeScout Technologies reveals that while IT professionals acknowledge the growing number of IoT devices on their networks, they are unaware of how to properly secure them.
The survey indicates a lack of visibility into networks. 70 percent of survey respondents don’t have confidence in their ability to see connected devices as soon as they joined their networks, and almost a quarter say that they aren't confident at all. By leaving connected devices out of the security sphere, an organization's attack surface becomes bigger.
"This survey demonstrates not only how pervasive IoT is within the enterprise, but also how much confusion there is around how to secure it," says Rob Greer, CMO and SVP of Products at ForeScout Technologies. "Everyday, new 'things' are being added to corporate networks with little regard to their level of security risk. Each insecure device represents a vulnerable point-of-entry into a company's larger network and companies are starting to realize this".
Among other findings are that, on average, respondents had at least nine out of 27 different types of IoT devices (such as desktop PCs, IP phones, tablets and video conferencing systems) that they could identify on their networks. This number was consistent across respondents -- even those who claimed to have no IoT devices when initially asked.
Companies don't have a specific solution in place to secure IoT devices according to 30 percent, and more than a quarter don't know if they have security policies on their devices. A majority of respondents also believe a lack of communication between IT teams, along with security budget constraints are some of the main challenges to securing IoT. Most IT professionals believe it's important to discover and classify IoT devices, and many would prefer to have this ability without the use of an agent.
Home working is seen as a risk too. Almost half of all respondents report that in-office security policies fail to extend to their home networks -- even when accessing sensitive company data.
"IoT represents one of the largest fundamental changes to the enterprise in decades. The challenge now is to ensure that its promise is realized in a secure and responsible way," adds Greer. "The ability to share real-time contextual insights and implement agentless security policies across the organization encourages healthy security practices from the inside out".
The full report is available to download from the ForeScout website.