Little Security Input in IoT Deployment Decisions

Little Security Input in IoT Deployment Decisions

A recent survey of global IT and security decision-makers found that companies are exposing themselves to greater risks by excluding IT security teams from discussions on internet of things (IoT) deployment plans.

Trend Micro, in collaboration with Vanson Bourne, conducted online interviews with 1,150 IT and security decision-makers about their roles in the decision-making process for implementing and deploying IoT solutions. Participants represented organizations from Germany, France, Japan, the UK and the US. Responses revealed that 79% of companies include the IT department when choosing industrial IoT solutions, but only 38% consult their security teams.

The research also found that nearly 33% of respondents reported that the person responsible for IoT security is unknown. Yet participating organizations said that they had experienced an average of three attacks on connected devices in the past year.

“It is remarkable how IT security teams are being locked out of IoT projects, when this is clearly exposing organizations to unnecessary cyber risk,” said Kevin Simzer, chief operating officer of Trend Micro, in a press release.

“Our study shows too many organizations across the globe don’t prioritize security as part of their IoT strategy, which leaves them vulnerable. Unless security is addressed as part of the deployment, these devices will remain exposed and vulnerable since, for the most part, they were not designed to be updated or patched.”

While organizations have spent more than $2.5 million on IoT initiatives over the past year, only 56% of new IoT projects include security solution input from the CISO.

The survey also found that 93% of respondents have recognized at least one threat to critical infrastructure that has been the result of an IoT implementation. Risks to complex infrastructure and a lack of adequate security controls are among the most common threats posed by these added connections.

Source: Information Security Magazine