Enterprises aren’t yet managing the risks posed by the swelling wave of IoT technology very well, according to a study released today by the Ponemon Institute.
The study, which surveyed 553 enterprise IT decision-makers, found that 78% of respondents thought that it was at least somewhat likely that their organizations would experience data loss or theft enabled by IoT devices within the next two years.
+ALSO ON NETWORK WORLD: How John Deere developed one of the best GPS locators in the world + A Skunk Works with tractors: Inside John Deere’s IoT-innovation unit
The fact that a lot of small-scale connected devices and other parts of the Internet of Things are highly insecure has been frightening IT departments for a long time. On their own, IoT gadgets aren’t particularly tempting targets, so manufacturers don’t fuss too much about security. In great numbers – and Gartner said recently that it estimates there are 8.4 billion connected devices active this year – swathes of easily compromised IoT gizmos can make for a formidable botnet, as the Mirai botnet showed in 2016.
Yet, in a lot of places, it can be difficult to put policies in place to neutralize this threat. Nearly three respondents in four – 72% – said that the speed at which IoT technology advances makes it harder to keep up with evolving security requirements. Almost as many said that new strategies are needed to cope with the problem.
Those strategies are difficult to design, according to the Ponemon study. Just 44% of respondents told researchers that their enterprise has the ability to protect itself and its network from IoT devices. Less than half said that they specifically monitor the risk posed by devices being used in the workplace.
Another big factor in the generally poor state of IoT management is organization – of the 50% or so of companies that didn’t track IoT inventory, fully 85% said that there is a lack of centralized responsibility for those devices, and over half cited a lack of resources available to perform this task.
Nevertheless, respondents at least recognize the need for a new way of thinking about IoT management – two-thirds said that “a new approach” is necessary for IT departments coping with IoT.