IT security pros expect a rise in Industrial Internet of Things attacks
The Industrial Internet of Things (IIoT) is used in many businesses, including critical infrastructure sectors such as energy, utilities, government, healthcare and finance. No surprise then that it's a likely target for attack.
A new survey from security and compliance specialist Tripwire of more than 400 IT security professionals shows that 96 percent expect to see an increase in security attacks on the IIoT in 2017.
51 percent say they don't feel prepared for security attacks that seek to abuse, exploit or maliciously use insecure IIoT devices. In addition 64 percent say they already recognize the need to protect against IIoT attacks.
"Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don't feel prepared to detect and stop cyber attacks against IIoT," says David Meltzer, chief technology officer at Tripwire. "There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations."
Respondents were also asked how they expect their organizations' deployment of IIoT devices to change, and how that will affect their level of vulnerability. Across all respondents 90 percent expect IIoT deployment to increase, and 94 percent expect a consequent to increase risk and vulnerability in their organizations. When respondents are broken down by company size, both larger companies (96 percent) and smaller companies (93 percent) expect to see a significant increase in risk caused by the use of IIoT devices.
Meltzer adds, "The Industrial Internet of Things ultimately delivers value to organizations, and that's why we're seeing an increase in deployments. Security can't be an industry of 'no' in the face of innovation, and businesses can’t be effective without addressing risks. The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to coordinate on these issues. While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don't need to find new security controls, rather they need to figure out how to apply security best practices in new environments."
You can read more about the report's findings on the Tripwire blog.