The Internet Of Things, A Challenge For Security Teams
Their use does not only concern individuals, but also companies. Just as IT manages printers, general services would be delighted to be able to centralize the management of the restocking of coffee makers in offices, for example. According to Business Insider, there will be 41 billion IoT devices in 2027.
But these new devices connected to the corporate network pose a severe security problem. They may contain protection mechanisms, but they are generally weak protections and cannot last over time, with the necessary updates. Indeed, it is not economically viable for a manufacturer to invest in developing updates and integrating robust security mechanisms. Faced with this situation, IT managers and CISOs are sounding the alarm bells and recommending far-reaching measures to prevent them from being used as vectors for pirating corporate networks.
This is what emerges from a new study commissioned by TRC on the practices of securing the Internet of Things (IoT). The study interviewed 1,350 IT decision-makers in 14 countries in Asia, Europe, the Middle East and North America. Most respondents report an increase in the number of IoT devices that have connected to their network in the past year (85% in France compared to 90% in the United Kingdom).
The Majority Says Security Needs To Be Improved.
This mostly mass of connected objects, trash cans, light bulbs and dispensers of hand cleaning gel, sports equipment, game consoles, for example, sets off an alarm signal: 95% of respondents indicate that their approach to security needs substantial improvements, even a complete overhaul (10%).
“Some devices that are introduced in good faith by employees into their corporate network are often not designed with security in mind and can turn into easily actionable access to the most important information and systems of the business.”
Less Than A Third Apply Reasonable Security Practices.
For 21% of respondents working for companies with 1000 or more people said they had not segmented IoT devices to assign them to separate networks; 5% admit that they have not yet started to consider IoT specific security.
Only less than a third (27%) of respondents indicated that they apply acceptable micro-segmentation practices to confine IoT devices to their security zones, which are subject to rigorous controls. And just under half (45%) say their IoT devices are segmented into a separate network from the one they use for backend devices and critical business applications.