Trend Micro recently conducted a global survey of IT and security decision makers. When asked about the top consequence to IoT security, many would have expected it to be data loss. However, the top consequence named with 52% of respondents was “Loss of Customer Trust.” IoT has a physical component that is unusual in the all cloud and software IT world. And if that physical component has a vulnerability or is attacked, that physical component can’t be re-imaged or overwritten. Your customer will be staring at a physical embodiment of the insecurity of your product or service. Even with the fastest supply chain and delivery service, they’ll be staring at it and cursing it longer than even a slow software patch.
And #2 Reinforces the Theme Found in the Top Consequence
The second most listed consequence was “Monetary Loss.” Again, data loss is not mentioned, but it is that customer impact and direct loss to the business that resonates with IoT concerned leaders. IoT is either in a customer location, or in your business units or production environments. IT increasingly has been centralized to data centers and cloud environments, and there is less often local IT resources held by the business unit, branch office, or customer. IoT does not follow most of these IT trends.
IoT Security at Time of Implementation Is An Afterthought
However, IoT does share one characteristic with IT – poor security at time of implementation. In the survey, 42% cited security as an afterthought in their IoT strategies.
So What Next?
IoT has two components to it: the consumer-grade devices we have around our homes and offices (TVs, lightbulbs, speakers) generally called IoT, and the manufacturing, production, and shop floor grade of devices such as turbines, generators, robots, boilers, and elevators we classify as Operation Technology or OT. All implementations of IoT – whether at the consumer or OT level – face the same security issues. Any time those product vulnerabilities are plugged into your network, risk is introduced and threats can occur.
Security must be built in to these devices to truly mitigate this risk. As long as security is an afterthought, however, the problem will continue to persist.
Trend Micro is looking forward to continuing our survey efforts. We’re interested in not only the IoT/OT security trends, but in digging deeper into the business views of IT and OT security, and especially on the nexus between these two distinct security domains.