A study released today has looked at the rise of Industrial Internet of Things (IIoT) deployment in organisations, and to what extent it is expected to cause security problems in 2017.
IIoT are the connected devices in critical infrastructure segments such as energy, utilities, government, healthcare and finance. Tripwire’s study revealed that:
96% of those surveyed expect to see an increase in security attacks on IIoT in 2017, while 51% said they do not feel prepared for security attacks that abuse, exploit or maliciously leverage insecure IIoT devices.
Those surveyed, however, do understand the threat with 64% saying they already recognise the need to protect against IIoT attacks, as they continue to gain popularity among hackers.
“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, chief technology officer at Tripwire.
“There are only two ways this scenario plays out: either we change our level of preparation or we experience the realisation of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.”
“As Industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” said Robert Westervelt, security research manager at IDC.
>See also: Manufacturers to prioritise data analytics
“The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example – cyber attacks could disrupt power supply for communities and potentially have impact to life and safety.”
The study’s respondents were also asked how they expect their organisations’ deployment of IIoT devices to change, and how it will affect their level of vulnerability.
The study, in this regard, revealed that 90% of respondents expect IIoT deployment to increase, while 94% expect IIoT to increase risk and vulnerability in their organisations.
When respondents were broken down by company size, both larger companies (96%) and smaller companies (93%) expect a significant increase in risk caused by the use of IIoT.
Meltzer continued that “The Industrial Internet of Things ultimately delivers value to organisations, and that’s why we’re seeing an increase in deployments. Security can’t be an industry of ‘no’ in the face of innovation, and businesses can’t be effective without addressing risks. The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to coordinate on these issues.”
“While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organisations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments.”