A survey recently conducted by Deloitte and Dragos found that less than a fifth of security professionals are confident in their ability to secure Internet of Things (IoT) and Industrial IoT (IIoT) devices.
Of the 4,200 respondents across all industries and backgrounds, only 18% claim to be very confident that their organization has properly secured connected products, devices, and other "things" from attack. Over half of respondents (51%) claim to be somewhat confident, while 23% were either uncertain or somewhat not confident in their IoT security.
The respondents explained where they seek guidance in relation to security-by-design for their organization - 41% said they look to industry and professional organizations, 28% claim to look at regulatory bodies and agencies, and 22% claim to develop these practices internally.
Less than a third of respondents (28%) use an industry defined framework when adopting requirements, while 41% claim to use a custom set of product cybersecurity requirements. Unfortunately, 30% admitted to having no defined framework enabled at all.
The increased adoption and use of IoT devices offers endless benefits, but if these devices are unsecure, they will continue to drive the number of cyberattacks, data breaches, and business disruptions. Many businesses are simply unaware of the risk associated with adopting IoT, but make no mistake, these devices in the hands of hackers can do serious damage.
Without security in mind in product development, insufficient monitoring in place, and visibility into your environment, these organizations will continue to be at high risk of attack. NNT suggests starting by regularly scanning for all devices connect to your network and identify what they are. Anything new in your environment should be checked for how it operates, functions and capabilities and how it can be secured from attack.
Learn more about IoT Security in our latest article: Cyber Security of the Fridge - Accessing the Internet of Things Threat