Nearly all security professionals are struggling to secure IoT devices

(Image credit: Shutterstock)

Internet of Things (IoT) devices and Industrial Internet of Things (IIoT) devices are proving a challenge to secure, raising concerns about cybersecurity, new research has found.

A report from security firm Tripwire found 99% of security professionals find securing these devices challenging, while 95% are worried about risks that come with smart devices.

The biggest challenge for more than three-quarters of IT professionals comes from these devices not easily fitting into their existing security approach. For almost nine in ten (88%), additional resources are needed if IoT and IIoT are to be properly secured.

Visibility is also a problem, as more than half (53%) of the respondents said they aren’t able to fully monitor connected systems entering their controlled environment. Furthermore, almost two-thirds (61%) have limited visibility into changes in security vendors within their supply chain.

“In the past, cybersecurity was focused on IT assets like servers and workstations, but the increased connectivity of systems requires that industrial security professionals expand their understanding of what’s in their environment. You can’t protect what you don’t know,” commented Tim Erlin, vice president of product management and strategy at Tripwire.

Supply chains at risk

Most IT pros follow some kind of security standard and audit IoT and IIoT devices against it, but still - they’d love further expanded Industrial Control Systems (ICS) security standards. This rings particularly true for those in the manufacturing, energy, farm & agriculture, pharmaceutical, chemical, nuclear, waste & water, and oil & gas industries.

Almost all are wary of cybersecurity within their supply chain and agree that their current IoT and IIoT security guidelines are putting their supply chain security at risk.

“It’s understandable that managing supply chain risk is top of mind for industrial security teams given the level of attack we have seen this year,” Erlin concluded. “Large-scale supply chain risk isn't new, so if anything, this should encourage companies to invest in resources that help maintain a more secure environment.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.