In a recent poll conducted by Deloitte, fewer than 20% of professionals said they trust their ability to secure Internet of Things (IoT) and Industrial IoT (IIoT) devices.
More than 4,100 professionals across industries and profiles responded to poll questions during a webcast on May 30. Of those, just 18% of respondents said they were confident in the security of their organizations' connected devices and products.
Industrial cybersecurity firm Dragos assisted Deloitte with the project. The study showed that more than 51% of respondents said they were somewhat confident, while 23% were utterly uncertain. Experts suggest this could be the direct result of an overall lack of standardization across industries for secure connected devices.
When asked where they get guidance on security-by-design for their business, 41% of respondents reported that they look to professional organizations. Twenty-eight percent of respondents said they trust agencies and regulatory bodies that have set guidelines and standards, while 22% prefer developing solutions internally.
About 28% of respondents said they feel safer abiding by an industry-defined framework based on required input selection, while 41% of the surveyed group said they trust a customized set of product cybersecurity requirements for the same purpose. However, 30% of respondents admitted that they refrain from using any set requirements. A majority of respondents, about 81%, believe that information security systems are accountable for the security of all connected products in their firms.
The full-scale adoption of connected devices across industries and firms has pushed up the number of data breaches, cyber-attacks, and business disruptions caused by unsecured IIoT and IoT devices. Another significant issue is that businesses are not aware of the depth of the risk exposure they face when adopting IoT.
IIoT and IoT offer plenty of benefits, but they also come with a large number of serious security risks. The most significant of these are not having a security and privacy program, and lacking the governance or ownership needed to drive privacy and security.
There are also multiple risks associated with security not being embedded into the product design, along with insufficient security awareness training for architects and engineers. In addition, enterprises are skeptical because of the lack of IoT/IIoT upgrades, product privacy, and security resources.
The lack of continuous monitoring, post-market implementation security, and privacy risk management is also a critical factor in the risks associated with IoT environments. Added to these are the need to identify and promptly treat risks in legacy and fielded products, and immature, inexperienced incident response.
Organizations need to think through this and reorganize their operations. When working out their product security requirements, companies see IoT security as the most challenging aspect, as they struggle to understand system misconfigurations well enough to ensure the reliability of the manufacturing environment.
To address these challenges, firms need to understand the existing state of their product security in order to develop a cyber-strategy and adopt security-by-design practices. Doing so will ensure correct ownership of the process, establish dedicated teams, and provide them with the necessary resources, taking full advantage of industry-available resources.
Security needs to become embedded in the DNA of operational programs to help organizations build a secure environment for production. Organizations need to evaluate all scenarios, consider what can go wrong, and deal with those challenges as a priority.