About 68% of senior management believes that Internet of Things (IoT) and Operational technologies are critical to supporting business innovation, however, 31% of IT security practitioners have slowed down, limited or stopped the adoption of IoT pertaining to security concerns, according to a report by Microsoft and Michigan based research centre Ponemon institute.
While 65% have made it a top priority to plan and deploy IoT projects, more than half of the respondents believed that IoT and OT devices have not been developed with security in mind. However, 60% admitted that IoT and OT security was one of the least secured aspects of their infrastructure.
“On a positive note, a vast majority of security and risk leaders recognise the threat and have made shoring up their IoT and OT defenses a top priority for the next 12 to 24 months,” said Larry Ponemon, Chairman and Founder of Ponemon Institute.
The report highlighted that there was a common misconception that IoT devices were not directly connected to traditional endpoints such as workstations, servers and mobiles, however, the research showed that devices on IT and OT networks were directly or indirectly connected to the internet, marking them as targets that can even be breached from outside of the organisation.
One such example was the attacks carried out by Mozi, a P2P botnet that uses a protocol called as distributed hash table. Mozi was discovered in September 2019 by research firm NetLab and is one of the most notorious malware that targets IoT devices specifically.
Netlab said that Mozi accounted for over 1.5 million infected nodes, with about 830,000 of them originating from China.
The report pointed out that 51% of all OT networks are connected to corporate IT networks, while 56% admitted that their devices are connected to the internet for remote access needs.
Additionally, close to 9 out of ten respondents said that their IoT devices are connected to the internet for one task or the other, example of which can be cloud printing services.
63% also did not trust the IoT security currently, citing that they expected the volume of IoT attacks to significantly increase in the future.
The study however, was only carried out in the United States and took inputs from more than 600 IT, IT security and other security practitioners across the United States.