More than 50% of respondents to a Tripwire survey said their organization is not ready to deal with industrial IoT security threats.
Anyone who follows the Internet of Things knows that consumer IoT devices are easy prey for hackers that infect devices with malware to launch botnet attacks. But industrial IoT security is also a pressing concern, according to a new report by Tripwire, a provider of security and compliance applications.
“More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, chief technology officer at Tripwire. “There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.”
With the help of Dimensional Research, Tripwire asked over 400 IT professionals who said IT security is one of their primary job responsibilities and who worked at organizations with at least 1000 employees to weigh in. Almost all of the respondents, 96%, said they expect to see an increase in IIoT cyber attacks this year, and 51% said they aren’t prepared at all. Roughly 64% said they understood the need to protect their organization and IIoT deployments.
The industrial IoT is made up of the connected devices in critical infrastructure segments such as energy, utilities, manufacturing, government, healthcare and finance. As organizations embrace the IIoT, they are not prepared for the increased risk it creates, according to Tripwire. Research firm Gartner says over 8.4 billion IoT sensors will be in use by the end of 2017, and that will rise to 20.4 billion. IIoT devices and sensors are expected to make up a major portion of that by 2018.
Industrial IoT security a significant risk
Despite security concerns, 90 percent of those surveyed said they expect their organization to increase their IIoT deployments, and 94 percent expect those deployments to increase risk and make their organizations more vulnerable. 96 percent of larger companies and 93 percent of small and medium sized companies said they expect their IIoT deployments to create a significant risk increase.
“As industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” said Robert Westervelt, security research manager at IDC. “The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example – cyber attacks could disrupt power supply for communities and potentially have impact to life and safety,”
