Connected “things” are rapidly permeating our entire society. From connected cars to the smart home, medical equipment to fitness trackers, the Internet of Things (IoT) is working to make us healthier, happier, safer and more productive. From a corporate perspective, it’s empowering companies as diverse as hospitals, manufacturers and utilities providers to streamline their operations, enhance business agility, and drive innovation-led growth.
It’s no surprise that there are over eight billion connected things in use today — a figure that will top 20 billion by 2020, including over seven billion in the corporate sphere, according to Gartner.
Yet cybersecurity remains a major challenge and a barrier to progress. If left unsecured, IoT endpoints could be hijacked to conscript into botnets, sabotaged to disrupt key processes, or used as a stepping stone into corporate networks. IoT systems sit at a crucial intersection between IT and OT, often controlling key operational technologies but also connected into wider IT networks, and therefore exposed to internet-facing threats. Traditional silos between IT and OT teams compound these risks.
To shed more light on the issue, we commissioned Vanson Bourne to interview 1,150 IT and security decision-makers in the US, UK, France, Germany, and Japan. We wanted to understand the level of investment in IoT projects today and where it’s being targeted, what the key IoT security challenges are, how widespread attacks are, and what organizations are doing to mitigate cyber risk. As such, this study sits neatly alongside Trend Micro’s extensive range of industry research covering areas like connected hospitals, IoT-powered transportation networks, exposed cities, and connected surveillance cameras.
We discovered that Industrial IoT, wearables, smart utilities, and smart factory initiatives are already well underway in many organizations. But securing data, devices, and networks, complying with regulations and tackling security complexity are major challenges. The risks are no longer theoretical: Responding organizations claimed on average to have suffered an average of three attacks on IoT devices over the previous 12 months, with just a quarter (27%) having not experienced any.
In this context, it’s disappointing that so few organizations involve security teams in projects from the start, with many admitting that they view IoT protection as an afterthought. It’s hoped that by bringing to light these issues, the report can help IT and security bosses better understand where key risks lie and where they can do better than their peers going forward. This is particularly important to the new regulatory landscape in Europe, where major fines could be levied under the GDPR and NIS Directive if serious incidents are found to stem from insecure systems.
To gain more insight into these issues, download the ebook.