There’s a major lack of IoT security awareness

A massive 86% of IT and security decision makers across the globe believe their organisation needs to improve its awareness of IoT threats, according to Trend Micro.

This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organisations at great risk.

A poll of 1 150 IT and security leader reveals a worrying lack of cybersecurity maturity in many organisations around the world as they deploy IoT projects to drive innovation, agility and digital transformation.

“A common theme in cyberattacks today is that many are driven by a lack of security awareness, and this is accentuated with IoT security,” says Kevin Simzer, chief operating officer at Trend Micro. “It’s a good first step to see that IT leaders recognise awareness levels need to rise across the organisation.

“We recommend business leaders clearly acknowledge the IoT security challenges affecting their company, understand where their security requirements, and invest accordingly to make their security goals a reality.”

A lack of IoT security awareness leaves companies increasingly exposed to potentially damaging cyberattacks. According to the survey, current attacks are targeting office devices most, followed by manufacturing and the supply chain. When an attacker compromises these devices, they can also gain access to the greater corporate network to conduct even more damaging attacks.

To protect against IoT security attacks, more than 50 percent of surveyed IT and security decision makers reported they prioritize a few key capabilities in their security solutions. Monitoring for anomalous behaviors and vulnerability management were the most sought after requirements to mitigate the risk of IoT devices being compromised.

In addition to these specific capabilities, Trend Micro recommends a strong network defence approach to ensure IoT devices do not add security risk at any part of a corporate network. The company also offers a range of security solutions related to specific types of IoT devices for additional protection.