The increased use of connected devices leads to significant security challenges for 77 percent of enterprises, according to a new survey.
The study conducted by Forrester for IoT security company ForeScout Technologies also reveals that 82 percent struggle to identify all of their network-connected devices, and when asked who is primarily responsible for securing IoT, IT and line of business (LoB), leaders don't have a clear answer or measure of ownership.
54 percent of respondents say that they have anxiety due to IoT security, with LoB leaders showing more concern (58 percent) compared to their IT counterparts (51 percent). Budget constraints are seen as the greatest barrier to investing in IoT security (by 45 percent of IT leaders and 43 percent of LoB leaders), followed by senior leadership skepticism.
Without added investment, security professionals continue to rely on their traditional security approach to protect IoT and operational technology (40 percent). This strategy prevents organizations from being able to identify all network-connected devices, which means they face a ticking time bomb of greater security risk and potential compliance complications. If audited, a worrying 82 percent say they would not be able to identify 100 percent of the devices connected to their network.
Additionally, over half of respondents (59 percent) say that they are willing to tolerate a medium to high risk level in relation to compliance requirements for IoT security. This is a major concern as 90 percent of companies are expecting to see their volume of connected devices increase over the next few years.
"The survey results demonstrate a dynamic shift in the way organizations are starting to think about security and risk as it relates to IoT. Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line," says Michael DeCesare, president and CEO at ForeScout. "Securing IoT is not just a cyber security issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility."
There are some positives from the research, 48 percent of all respondents say that improving awareness and visibility of IoT devices is a top priority for improving IoT security and 82 percent of respondents expect their IoT security spend to increase over the next one to two years. When considering the adoption of IoT security solutions, more than half of respondents (55 percent) say integration with existing security systems is the most important criteria.