Risks in Internet of Things devices prevent many firms from being convinced of merits.
Despite many IoT projects proving successful, a lot of organisations are still averse to adopting IoT, according to Microsoft.
In a blog post, the firm said that many enterprises still view security as a top hurdle when it comes to IoT and looks set to stay that way until the end of next year.
“The continuous connection of smart devices across networks, commonly called the internet of things (IoT) is driving a transformation in how enterprises all over the world manage network infrastructure and digital identities,” said Microsoft. “With such rapid change comes new cyber-security challenges. Many organisations are hesitant to tap into the power of the IoT due to the complexities and risk associated with managing such a diverse–and sometimes unclear–environment.”
It said that by 2020 more than a quarter of attacks will focus on IoT infrastructure but enterprises will only spend a tenth of their security budgets on protecting IoT deployments.
It pointed to researcher said found that enterprises endured a 78 per cent increase, year-on-year, in breaches, and this was down to the widespread use of smartphones and web apps creating a target-rich It environment.
“IoT offers an expanding horizon of opportunity that shouldn’t be ignored due to security concerns. With foresight into these current trends, practical planning, and persistence implementation, you can move your organisation vision for IoT forward with confidence in your security practices,” Microsoft added.
Preparedness
Another survey, this time from Tripwire, said that less than one-third of firms are prepared for Internet of Things (IoT) security risks. IT also found that 78 per cent of respondents are concerned about the weaponisation of IoT devices in the use of DDoS attacks and nearly half (47 per cent) of the respondents expect the number of IoT devices on their networks to increase by at least thirty percent in 2017.
“It wasn’t so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber-attacks and denial of service attacks,” said Dwayne Melancon, chief technology officer and vice president of research and development for Tripwire.”
Related: Fortinet’s IoT security fears come true
“It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern. That makes sense since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets. The large number of easily compromised devices will require a new approach if we are to secure our critical networks. Organisations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale.”
John Smith, principal solution architect at Veracode, told Internet of Business that while the risk of vulnerable IoT devices is becoming harder to ignore, security still remains an afterthought for many industries rather than a priority in the design phase of both the device and application interface.
“Too frequently the device interface is inherently insecure or does not automatically update with new patches, creating significant risk to information,” he said.