Security concerns often prevent organizations from adopting Internet of Things (IoT) technologies, according to a survey conducted by Trustwave, a Top 100 MSSP that specializes in compliance, threat and vulnerability management services.
Key findings from Trustwave's "IoT Cybersecurity Readiness Report" included:
- 64 percent of organizations have deployed some level of IoT technology, and 20 percent plan to do so in the next year.
- 57 percent cited security concerns as the number one barrier to greater IoT adoption, followed by "not relevant to operations" (38 percent) and "lack of budget" (27 percent).
- 49 percent have formal patching policies and procedures in place, and about one-third patch their IoT devices within 24 hours after a fix becomes available.
- 34 percent periodically assess the IoT security risks posed by third-party partners, and 19 percent do not perform third-party IoT risk assessments.
- 28 percent consider their IoT security strategy to be "very important" in comparison to other cybersecurity priorities.
- 10 percent are "very" confident that they can detect and protect against IoT-related security incidents, and 62 percent are "somewhat" or "not" confident that they can do so.
- Among organizations that have deployed IoT technologies, 61 percent have experienced an IoT-related security incident.
IoT security considerations often "take a back seat" to product features and timeliness, Trustwave indicated. However, organizations must allocate time and resources to consider security, or they risk malware infections, denial-of-service attacks and other cyberattacks on their IoT devices.
Trustwave IoT Security Recommendations
IoT-based attacks put an organization and its network infrastructure at risk, and Trustwave offered the following recommendations to assess security risks and implement effective IoT security plans:
- Perform regular network scans.
- Analyze IoT vendors before making new purchases.
- Use IoT vendor risk management and security testing to identify vulnerabilities and weaknesses.
- Update the default passwords on IoT devices to unique, complex passwords; this should be done after an organization identifies or installs IoT devices.
- Develop a process to quickly patch IoT vulnerabilities.
- Conduct proactive threat hunting.
- Limit partner access to networks.
Many organizations lack the internal expertise or resources to manage their security in-house, Trustwave pointed out. As such, MSSPs can help these organizations identify IoT security risks and plan accordingly.
Global IoT Security Market Expected to Grow
The global IoT security market is expected to expand at a compound annual growth rate (CAGR) of 34.4 percent between 2017 and 2022, according to market research firm MarketsandMarkets. This sector also is projected to be worth more than $29 billion by 2022.
In addition, North America is the largest region in the global IoT security market, and network security is expected to hold the largest market share in this sector going forward, MarketsandMarkets stated.