Only 50% of organisations enforce IOT security policies
While 97% of global enterprises now have security policies in place to manage Internet of Things (IOT) devices, only about half enforce these policies, and around 10% don't even have the tools to enforce them.
This is according to a new Forrester research report titled: State of IOT Security 2018, which found that although there is growing awareness of IOT threats within global organisations, adequate deployments of threat intelligence systems are still lagging.
As the number of IOT-enabled devices grows to include different device form factors, device types, and use cases, so does the importance of deploying security solutions that can provision, configure, authenticate, monitor, and maintain these devices, notes Forrester.
Device heterogeneity, adds the report, will make consistent security policies a struggle to implement and increase the risk of security blind spots persisting in the environment that hackers can compromise for data theft.
"IT security and risk (S&R) professionals still face a diverse set of obstacles when deploying a comprehensive IOT security strategy. From a hacking perspective, IOT threats are increasing in sophistication and effectiveness. In the past 12 months, several botnets have emerged, all of which have leveraged insecure connected devices to either launch DDOS attacks or load malware, and all of which have leveraged previous botnets to increase in sophistication. This means that today's security controls may not be sufficient, requiring S&R professionals to create a flexible architecture that can adapt to the evolving threat landscape quickly and effectively," says the report.
In addition to dealing with an increasingly sophisticated security threat landscape, security teams and their collaborators must also contend with a range of business, process, compliance, and technology risks for their IOT deployments, Forrester points out.
"IOT security success requires cross-organisational collaboration. Successful IOT deployments also require collaboration among multiple organisational roles, including infrastructure and operations, application development and delivery, business insights, and security," says the report.
A Kaspersky Lab report titled: "Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within" found that in the META region, only 18% of employed respondents are fully aware of the IT security policies and rules set in the organisations they work for. This, combined with the fact that 40% of employees consider protection from cyber threats a shared responsibility, presents additional challenges when it comes to setting the right cyber security framework.
Understanding common insider threat profiles remains an essential step in helping organisations eliminate damage before it happens, says Virginia Satrom, social media manager at Forcepoint.
"Organisations should put all users through detailed training which educates them on best practices and how to recognise an adversary's stealth techniques. At the same time, teach them how to spot possible malicious insiders through the classic 'trouble signs' they project. On the tech side, organisations can complement their firewall and anti-virus tools with insider threat-centric ones related to authentication/access control, data loss prevention and user behaviour analysis," she advises.