Ubiquitous mobility and increasingly smart devices are setting the stage for the era of the so-called "internet of Things" (IoT)—but IT administrators are eying the phenomenon with a certain amount of unease. In a study from GFI Software, the overwhelming majority expect greater exposure to existing and undiscovered threats from mobile and connected devices in the coming months and years.
Analysts expect the number of devices – or "things" – that will connect to the internet to grow radically by 2020, with Gartner estimating that 26 billion addressable devices will find a home on a corporate network. This spike in connected devices will create billions of new unsecured endpoints that will in turn produce new vectors of attack designed to either compromise the device or gain access to the infrastructure.
As a result, the survey of 202 IT decision makers in US workplaces employing up to 250 people found that the growing relevance of IoT for small and medium-sized businesses (SMB) means growing security threats, greater device management challenges and increased costs for IT management.
Disruption is a significant concern, as 96.5% of IT decision makers surveyed said that IoT would produce at least some negative impacts for their organizations, with more than half (55%) saying it will impose new security threats while extending existing threats to a greater number of devices.
The increasingly prominent role wireless plays in the daily lives of employees means that risks from mobile devices become particularly acute, according to survey respondents, 81.7% of whom indicated that mobile devices create the most potential as a point of exploitation in the IoT age.
"The research findings reveal that the internet of Things will transform business security, as even standard employee devices could present an opportunity for exploitation and pose a real danger to organizations if they are connected to the internet without proper security protections," said Sergio Galindo, general manager of the infrastructure business unit at GFI Software, in a statement. "With billions of devices poised to connect to the internet, organizations are exposed to billions of insecure new endpoints that can compromise the network. The key takeaway is clear: IT organizations must plan effectively to ensure adequate operating system, firmware and patch support within the new IoT age."
Effective planning will require a sea-change for administrators. More than three-quarters (78.6%) of IT administrators said that they expect their security practices to change as a result of IoT. Among these changes, nearly one-third (30%) expect to have to revise policies about connectivity in the workplace to manage this adaption.
Existing anti-spam, anti-virus and anti-malware infrastructure may not do the job of protecting against the multitude of risks posed by the billions of insecure new endpoints. When asked to rank priority areas of security focus, 45% of IT decision makers surveyed pointed to firewalls as their very top priority, while 35.7% cited mobile device management. Anti-virus was cited as a top priority by less than a fifth (18.7%) of respondents.
Furthermore, 30% said IoT will result in an increased IT spend, while 26.7% expected device management to spiral out of control as a result of the rise of IoT. Interestingly, only a small percentage (14%) expect that deploying patches across multiple platforms will present a particular challenge.