The number of organizations connecting wearables to their networks has nearly doubled since 2014—increasing from 13% to 24%. As such, they are expected to be the top source of security breaches among internet of things (IoT) devices. But most companies, despite awareness of potential threats, are doing little to create IoT security postures.
According to research from Spiceworks, the presence of IoT devices in the workplace has increased across the board in the last 18 to 24 months—everything from connected video equipment to appliances, smartwatches to Go Pros. And while nearly 90% of the IT pros surveyed believe the influx of connected “things” creates security and privacy issues in the workplace, only one in three organizations is actively preparing for the impact IoT could have on their businesses.
The reasons for that lack of prep are myriad: 47% said the value of monitoring IoT devices is still unclear, 38% said they lack the time and staffing resources, and 37% said they lack budget.
Interestingly, the majority of those surveyed (53%) believe wearables are most likely to be the source of a security breach among IoT devices connected to their network, followed by video equipment at 50%, physical security at 46% and appliances at 45%.
Other studies show that the concern is well-founded: HP Fortify found that 100% of the smartwatches that it tested contain significant vulnerabilities, including insufficient authentication, lack of encryption and privacy concerns.
About 84% said more entry points into the network was most concerning when it comes to IoT in general, while 70% said some IoT manufacturers are not implementing sufficient security measures. Additionally, 68% of IT professionals said default passwords and 66% said the lack of IoT standards was concerning.
“The Internet of Things includes everything from smart appliances and wearables to industry-specific devices such as connected medical technologies and sensors in server rooms,” said Matt Olan, IT professional at Pharmacare Specialty Pharmacy. “The problem is that many of these devices have little to no security, and in many cases, they’re even more vulnerable to attacks and misuse than your typical PC. We allow certain IoT devices on our network, but security is always taken into account when planning an IoT deployment.”
The research results also show that security is working its way up the totem pole when it comes to the mix of IoT deployment challenges. Two years ago, insufficient bandwidth was the No. 1 barrier to keeping users connected to corporate networks and the data they need, but security concerns are now the top barrier at 65%, followed by equipment issues at 42%. The challenge of insufficient bandwidth was listed third, decreasing from 45% to 37% in the last two years.
The good news is that out of the one-third of organizations that are preparing to support IoT, 68% are educating end users about risks, 47% are investing in security solutions and 43% are investing in infrastructure. While only 12% of organizations are investing in new management tools for IoT devices today, nearly 50% plan to in the next 12 months.
“As the demand to put more IoT devices on corporate networks increases, IT professionals’ security concerns are increasing in tandem,” said Sanjay Castelino, VP of marketing at Spiceworks. “IT pros are well aware that more end points into the network puts their organization more at risk, but many businesses still aren’t equipped to manage IoT devices and identify potential threats.”
Photo © aslysun