That’s according to a new report on practices for securing the internet of things (IoT), commissioned by Palo Alto Networks, the global cybersecurity leader, based on a survey of 1,350 IT business decision-makers in 14 countries in Asia, Europe, the Middle East and North America.
Overwhelmingly, respondents report a rise in the number of IoT devices connecting to their networks over the last year. Among the connected trash cans, light bulbs and hand sanitizer stations, one red flag emerged: 41% of respondents said they need to make a lot of improvements to the way they approach IoT security, and 17% said that a complete overhaul is needed, amounting to more than half of those polled.
Nearly 1 in 4of those surveyed at organizations with at least 1,000 employees reported that they have not segmented IoT devices onto separate networks – a fundamental practice for building safe, smart networks. Only 21% reported following best practices of using microsegmentation to contain IoT devices in their own tightly controlled security zones.
“Traditional networks are ill-equipped to handle the surge in adoption of IoT devices,” said Tanner Johnson, senior cybersecurity analyst at Omdia. “Device behaviour baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”
Palo Alto Networks released the survey as part of its ongoing efforts to shed light on security threats posed by the surge in deployment of internet-connected devices. Business Insider Intelligence forecasts there will be more than 41 billion IoT devices by 2027, up from 8 billion last year.
“Devices that employees innocently bring onto an organization's network are often not built with security in mind, and can be easy gateways to a company’s most important information and systems,” said May Wang, senior distinguished engineer at Palo Alto Networks.
“To address that threat, security teams need to be able to spot new devices, assess their risk, determine their normal behaviours and quickly apply security policies.”