A survey from UK-based firm Databarracks has found that only 27% of organisations polled feel able to protect themselves against IoT threats.
Based on the findings, its managing director Peter Groucutt has said that organisations must now factor IoT into their continuity planning.
“The IoT device market is still relatively immature and somewhat of a Wild West,” said Groucutt. “According to industry experts, by 2020 there will be over 50 billion connected devices. Understandably, manufacturers are racing to capitalise on the opportunity, but unfortunately, many are doing so at the expense of basic security measures.
“Organisations need to be aware of these risks, even if they do not use any IoT devices – the growing number of connected devices globally means there is an increased risk of DDoS attacks through IoT botnets – but our data suggests firms are ignoring these threats,” added Groucutt. “Research from our annual Data Health Check survey revealed that only 13% of businesses saw IoT threats as a major concern. Additionally, just over a quarter of organisations (27%) had set policies in place designed to protect against IoT threats.”
According to Groucutt, organisations incorporating IoT devices into their IT infrastructure should not rely on existing policies for evaluating the security of devices, instead develop new ones. Questions such as what protocol the device uses; can the IoT network be isolated from our other systems; is it connecting directly back to the data centre or to a hub – either in the cloud (hosted externally) or to an Edge server that you manage; how do we login and authenticate; can we integrate with our existing authentication products, and finally, what O/S is used and do we have competency; should be considered.