More entry points into the network and lax security measures from manufacturers is a concern for organizations looking to tap the power of the IoT.
Over the last few years, the Internet of things (IoT) has expanded rapidly into the enterprise. Connected devices and wearables now span almost every industry—and employees use smart watches and other devices at work. However, as adoption spikes and the opportunities for business benefits grows, there's also mounting concern about cyber-security. These devices radically expand the potential attack surface but also introduce new and different security challenges.
A study from IT professional network Spiceworks and Cox Business, 2016 IoT Trends: The Devices have Landed, offers insight into what business and IT leaders are thinking—and how they are approaching the IoT and connected systems. According to the survey of 440 IT professionals, 90 percent believe connected "things" introduce security and privacy issues in the workplace. Yet, only one in three organizations is actively preparing for the impact IoT could have on business.
A majority of IT professionals (53 percent) believe wearables are most likely to be the source of a security breach among IoT devices connected to their network, followed by video equipment at 50 percent, physical security at 46 percent, and appliances at 45 percent.
In addition, 84 percent of the respondents indicated that more entry points into the network was the biggest concern while 70 percent believe that some IoT manufacturers are not implementing adequate security measures. Additionally, 68 percent of IT professionals said default passwords were a problem and 66 percent said the lack of IoT standards was a concern.
How are CIOs and others responding? Forty-one percent of organizations have a separate network for IoT devices, but 39 percent are integrating them into their corporate network. Despite growing interest and adoption of IoT devices, 11 percent of organizations don't allow any IoT devices on their network.
Finally, when asked to reveal who in the enterprise decides whether to support IoT devices, 50 percent of respondents said the CIO and IT department lead the discussion and six percent said the CTO, senior tech leaders and development teams are charged with the task. However, 31 percent of IT professionals said adding IoT devices isn't spearheaded by any one individual or group.
It's time for CIOs and other business and IT leaders to focus on key elements of IoT security, including sandboxing systems and data, air gapping networks and using encryption to lock down data in transit. A separate PwC report found that only 36% of organizations have an IoT security strategy in place.