As the technology industry races to embrace the internet of things (IoT) and all the benefits it can bring, it has also been quick to warn about the security implications too. There have already been a number of examples of everyday IoT devices, such as security cameras and webcams, being hijacked and used to launch cyber attacks.
Many IoT devices are not built with security in mind, making them easy targets for attackers. The same fear is spreading to the Industrial Internet of Things (IIoT), connected devices used in the energy, utilities, government, healthcare and finance sectors. The potential security flaws here are much more severe, as a successful attack on an IIoT set-up could result in power grids going offline or transport systems shutting down.
It’s something that is worrying IT workers. Research from TripWire found that 96% of IT workers who have responsibility for digital security as a significant part of their job expect to see an increase in attacks on IIoT infrastructure.
The majority of respondents (64%) acknowledged the need for their organizations to defends themselves from IIoT attacks. Despite this, over half (51%) of the respondents admitted they were not prepared for any kind of malicious attack that uses IIoT elements.
The expectation is that things will only get worse. Nearly all respondents (90%) said they expect their organization to increase IIoT deployments, while 94% expect that IIoT usage will increase risks and vulnerabilities for their organization.
“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, chief technology officer at Tripwire. “Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.”
“The Industrial Internet of Things ultimately delivers value to organizations, and that’s why we’re seeing an increase in deployments. Security can’t be an industry of ‘no’ in the face of innovation, and businesses can’t be effective without addressing risks,” he added.
“The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to coordinate on these issues. While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments,” Meltzer concluded.