New statistics released by ForeScout have added further fuel to the ongoing Internet of Things (IoT) security debate for the connected enterprise.
The firm’s survey of more than 350 IT professionals found that whilst the majority of those polled acknowledge a growing number of IoT devices within their network, as many as 85% admitted to lacking confidence in their ability to spot connected devices as soon as they join the network.
With each insecure device representing a possibly vulnerable point of entry to a company’s wider systems, it is of some concern that such a high percentage of IT pros expressed concerns about their capability to quickly spot when a new IoT device is present.
Speaking to Infosecurity Jan Hof, ForeScout’s international marketing director, explained that you cannot protect what you cannot see, and so failing to detect the devices connected to your network puts you at greater risk of attack.
“We have seen a number of large and extensive security breaches recently, where hackers have been exploiting devices unknown to the Security Operations team, similar to the Target attack.
“Today, many different types of devices are connected to networks, including corporate managed devices, personal (BYOD) devices and a proliferation of IoT devices. Having visibility on all these different devices the moment they connect to the network is crucial – and companies have to be aware and acknowledge that IoT (and BYOD) is now a fact of life,” Hof added.
Further, almost a third (30%) of respondents felt their organization is failing to implement a solution focused on securing its IoT devices, with more than a quarter not knowing whether they have security policies on their devices at all. Most of those quizzed added that a lack of communication between IT teams and constraints on security budget are some of the main obstacles to securing IoT.
“Company security must be considered as a whole, so IoT devices and services have to comply with the security policies,” PandaLabs technical director Luis Corrons told Infosecurity.
“Right now every company should identify all devices connected to their network, and grant them permission to access part of the corporate resources depending on the device itself. If it is not a device recognized/approved, it should go to an isolated part of the network or it should not be allowed to connect at all,” he said.
Rob Greer, CMO and SVP of products at ForeScout added:
“IoT represents one of the largest fundamental changes to the enterprise in decades. The challenge now is to ensure that its promise is realized in a secure and responsible way. The ability to share real-time contextual insights and implement agentless security policies across the organization encourages healthy security practices from the inside out.”