A study by Palo Alto Networks reveals that seven out of ten IT decision-makers in the UK (68%) whose organization allows IoT devices to connect to its network, found that the lax cybersecurity practices in IoT devices poses the biggest threat to business networks.
The figure rises to 78% after collating data from organizations around the world, including businesses in the biggest economies in Asia, Europe, North America, and South America, and Australia.
“When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents,” notes Greg Day, VP and CSO EMEA, Palo Alto Networks.
Time for a new policy
In response to the type of IoT incident that keeps IT leaders up at night, 55% voted Industrial IoT attacks to the top of the list, closely followed by distributed denial of services (DDoS) attacks (50%).
The survey found that the greatest security capability needs were around protection against threats (61%) such as malware and ransomware, risk assessment (50%) and segmentation (50%).
While the vast majority (93%) of the respondents indicated that their organization’s approach to IoT security needs improvement, respondents in the UK were far less likely than their EMEA counterparts to feel that drastic change was needed, with only 4% believing a complete overhaul was needed compared to the EMEA average of 20%.
Joint responsibility
On a positive note though, of the 1,900 global respondents, more than four in ten (44%) in the UK, and over half (51%) globally indicated that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications.
Based on their reading of the data, Palo Alto argues that an effective strategy to safeguard business networks from rogue IoT devices can only emerge from a joint responsibility by both business and employees.
“Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organization’s most valuable assets,” believes Ryan Olson, vice president of threat intelligence, Unit 42 at Palo Alto Networks.