While the majority of IT pros acknowledge the growing number of IoT devices on their networks, they are unaware of how to properly secure them, according to ForeScout.
The survey points to a lack of visibility into everything on the network. 85 percent of respondents lacked confidence in their ability to see connected devices as soon as they joined their networks, and almost a quarter of survey respondents said that they weren’t confident at all. When connected devices are left out of the security sphere, an organisation’s attack surface becomes much more vulnerable.
A false sense of security: On average, respondents had at least nine out of 27 different types of IoT devices (e.g. desktop PCs, IP phones, tablets, video conferencing systems) that they could identify on their networks. This number was consistent across respondents – even those who claimed to have no IoT devices when initially asked.
Insecure security policies: 30 percent of respondents said that their company failed to have a specific solution in place to secure IoT devices, and more than a quarter do not know if they have security policies on their devices.
Lack of IT collaboration: The majority of respondents believe a lack of communication between IT teams and security budget constraints are some of the main challenges to securing IoT.
Working from home puts the enterprise at risk: Almost half of all respondents reported that in-office security policies failed to extend to their home networks – even when accessing sensitive company data.
Demand for agentless security: Most IT professionals believe it is important to discover and classify IoT devices, and many would prefer to have this ability without the use of an agent.
The U.S. Department of Commerce recently cited that 200 billion connected devices will be deployed by 2020 with an accompanying economic impact in the trillions by 2025. However, almost half of IT professionals surveyed expressed little to no confidence in their ability to see, control and manage the current IoT devices in their network environments.