Trend Micro Incorporated, the cybersecurity solutions provider, has revealed that organisations around the world are exposing themselves to unnecessary cyber risk by failing to give IT security teams a voice when planning Internet of Things (IoT) project deployments in enterprise environments.
A survey of 1,150 IT and security decision makers in Germany, France, Japan, the UK and US revealed that 79 percent involve the IT department in choosing industrial IoT solutions, but only 38 percent involve their security teams.
"It is remarkable how IT security teams are being locked out of IoT projects, when this is clearly exposing organisations to unnecessary cyber risk," said Bharat Mistry for Trend Micro. "Our study shows too many organizations across the globe don't prioritize security as part of their IoT strategy, which leaves them vulnerable. Unless security is addressed as part of the deployment, these devices will remain exposed and vulnerable since, for the most part, they were not designed to be updated or patched."
The research found that responding organisations spent more than $2.5 million on IoT initiatives over the past year and plan to spend the same in the next 12 months. Given the heavy financial investment, security should be equally invested in to mitigate risks associated with these connected devices. However, only 56 percent of new IoT projects include the Chief Information Security Officer (CISO) as one of the decision makers in selecting a security solution.
According to IDC, IoT enablement, which may involve connecting consumer-facing industrial control systems to the internet for the first time, exposes software vulnerabilities putting corporate data at risk, but also enabling attackers to target and potentially manipulate software-based safety mechanisms to cause intentional or unintentional physical harm to the public.
Reinforcing these known issues, the survey found organizations suffering an average of three attacks on their connected devices in the past year. This proves that the risk introduced by insecure IoT devices in a business is actively affecting enterprises around the globe.
Additionally, 93 percent of respondents said they have recognised at least one threat to critical infrastructure resulting from an IoT implementation. The most common reported threats posed by these added connections included complex infrastructure, an increased number of endpoints, and a lack of adequate security controls.
About the Research
The findings are based on joint research with Vanson Bourne. Between 1 April and 25 May 2018, 1,150 online interviews were conducted with IT and Security decision makers from businesses with 500+ employees in five countries, including USA, UK, France, Germany and Japan. Respondents held either C-Level, senior management or middle management decisions, and work in organisations operating in multiple sectors, including retail, financial services, public sector, media and construction.
 IDC, IDC FutureScape: Worldwide IoT 2018 Predictions, October 2017