
Organizations Lack Confidence in Securing IoT, Survey Shows

Less than a fifth of professionals who responded to a recent poll say they are very confident in their ability to secure Internet of Things (IoT) and Industrial IoT (IIoT) devices. 

More than 4,200 professionals across industries and positions responded to poll questions during a webcast on May 30, but just 18% of them said they were feeling very confident that their organizations’ connected products, devices, or other “things” are secure.

Conducted by consulting giant Deloitte and industrial cybersecurity firm Dragos, the survey found that more than half of the respondents (51%) admitted to being somewhat confident, while 23% were uncertain or somewhat not confident. This could be the direct result of an overall lack of standardization across industries for the security of connected devices. 

When asked where they seek guidance on security-by-design for their organization, 41% of the respondents said they look to industry and professional organizations. Another 28% revealed they look first to regulatory bodies and agencies that set the standards, while 22% admitted to developing such practices internally.

Only 28% of the respondents use an industry-defined framework as input for requirements selection, while 41% use a custom set of product cybersecurity requirements. However, 30% of the respondents admitted to using no defined framework.

Most of the respondents (81%) believe that information security is accountable for securing connected products in their organization.

The increasing adoption of connected devices across industries has driven up the number of cyber-attacks, data breaches, and business disruptions caused by unsecured IoT and IIoT devices. The issue is that many businesses are not aware of the depth and breadth of the risk exposures they face when adopting IoT.

IoT and IIoT offer a great deal of benefits, but they also create a large number of security risks, the most important of which are not having a security and privacy program and lacking ownership/governance to drive security and privacy. 

There are also risks associated with security not being incorporated into the product design and with insufficient security awareness and training for engineers and architects, in addition to a lack of IoT/IIoT and product security and privacy resources. 

Lack of sufficient monitoring, post-market/implementation security and privacy risk management, or visibility is also a high risk associated with IoT environments. Added to these are the problem of identifying and treating the risks of fielded and legacy products, and inexperienced/immature incident response.

“Organizations need to think through this. When looking at product security requirements, I see this as a challenging aspect as organizations get a handle around what they are manufacturing. Where I see a lot of organizations struggle is in understanding system misconfiguration or not having the architecture they thought they did in order to make sure their manufacturing environment is reliable,” Robert M. Lee, CEO at Dragos, commented.

To address these challenges, organizations should understand the current state of product security and develop a cyber-strategy, adopt security-by-design practices, ensure correct ownership of the process, establish dedicated teams and provide them with the necessary resources, and take full advantage of industry-available resources. 

“Security needs to become embedded into the DNA of operational programs to enable organizations to have great products and have peace of mind. Today all sorts of products are becoming a part of cyber: from ovens to instant cookers, 3D printers to cars. Organizations need to consider what can actually go wrong with what is really out there and look at those challenges as a priority,” Deloitte Risk and Financial Advisory partner Sean Peasley said. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
