Study Reveals Critical Infrastructure Execs Complacent About IoT Security

Tripwire, Inc., a global provider of advanced threat, security and compliance solutions, has announced the results of an extensive study conducted by Atomik Research on the security of the “Enterprise of Things” in critical infrastructure industries. The study examined the impact that emerging security threats connected with the Internet of Things (IoT) have on enterprise security. Study respondents included 404 IT professionals and 302 executives from retail, energy and financial services organizations in the U.S. and U.K. The study whitepaper is available here.
 
Key findings included:

• 63 percent of C-level executives said they expect business efficiencies and productivity to force them to adopt IoT devices regardless of the security risks. In spite of these business pressures, most executives are relatively unconcerned with the security risks associated with IoT devices. Only 27percent of executives said they are “very concerned” about the security risks associated with IoT.

• Employed consumers working from home have an average of 11 IoT devices on their home networks, and nearly one in four employed consumers (24 percent) have already connected at least one of these devices to their enterprise networks.

• The 2014 Trustwave® Global Security Report identifies retailers as the top industry target for cybercriminals, comprising 35 percent of the attacks studied. However, nearly half of retail IT professionals (46 percent) were “not concerned” about cybercriminals targeting IoT devices on their network.

• Only 8 percent of energy IT professionals are concerned about cybercriminals attacking industrial controllers, but 88 percent are not confident in the secure configuration of industrial controllers.

• Less than one in four IT professionals are confident in the secure configuration of common IoT devices that are already on enterprise networks: Voice over Internet Protocol (VoIP) phones (21 percent), sensors for physical security (20 percent), smart controllers for lights and HVAC (16 percent), point-of-sale devices (18 percent) and industrial controllers (12 percent).

 
Research firm IDC anticipates there will be over 28 billion IoT devices installed by 2020 (http://tripwire.me/1tHxq1n), up from an estimated nine billion today. These devices are expected to deliver an overall global economic value add of $1.9 trillion, of which 80 percent will be derived from services. While the IoT marketplace is lucrative, new devices will open additional attack vectors for enterprise networks.
 
Respondents were asked how prepared their businesses are for meeting the new and rising challenges of IoT growth in the workplace. The Tripwire study did not include smartphones, tablets or laptops because the security risks associated with these devices are relatively well understood. Instead, the study focused on IoT device categories already on enterprise networks as well as new device types that are at an inflection point in market adoption.
 
Devices categories included:
 

• Printers, 3-D printers and scanners.
• Routers, firewalls and modems.
• Gaming consoles.
• Wearable devices, such as smart watches, Google Glass™ and headsets.
• Smart appliances, such as refrigerators and coffee makers.
• Smart meters for energy.
• VoIP phones.
• Controllers for lights, heating, ventilating and air conditioning.