Tripwire Inc. has announced the results of a new research report that assessed the security of connected devices across enterprise environments in 2021. Conducted this month by Dimensional Research, the survey evaluated the opinions of 312 security professionals that manage the security of Internet of Things (IoT) as well as Industrial Internet of Things (IIoT) devices across their organisation.
According to the survey, a staggering 99% of security professionals have reported challenges with the security of their IoT and IIoT devices, with 95% reporting concerns about risks associated with these connected devices.
“The industrial sector is facing a new set of challenges when it comes to securing a converged IT-OT environment,” said Tim Erlin, vice president of product management and strategy at Tripwire. “In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know.”
More than three quarters of those surveyed said that connected devices do not easily fit into their existing security approach, and 88% required (or still require) additional resources to meet their IoT and IIoT security needs. This is of particular concern for those in the industrial space, as more than half (53%) said they are unable to fully monitor connected systems entering their controlled environment, and 61% have limited visibility into changes in security vendors within their supply chain.
“It’s understandable that managing supply chain risk is top of mind for industrial security teams given the level of attack we have seen this year,” Erlin added. “Large-scale supply chain risk isn’t new, so if anything, this should encourage companies to invest in resources that help maintain a more secure environment.”
On a positive note, the survey has found that some organisations are already heading in the right direction, with 59% reporting that their budget for managing supply chain security increased in the past year. In addition, 99% reported that their security teams are already in the habit of refusing employee requests to connect devices with 43% say they often do, which indicates work is already being done to maintain a smaller, connected footprint and manage inventory across the network.