Study: 96% of IT security pros expect an increase in IIoT attacks

Mar. 14, 2017 – A new study finds 96 per cent of IT security professionals expect an increase in cybersecurity attacks on the Industrial Internet of Things (IIoT).

Conducted by Tripwire, a global provider of security and compliance solutions for enterprises and industrial organizations, and Dimensional Research, the study looked at the rise of IIoT deployment in organizations, and to what extent it is expected to cause security problems in 2017.  

The study found that:

• Ninety-six per cent of those surveyed expect to see an increase in security attacks on IIoT in 2017;
• Fifty-one per cent said they do not feel prepared for security attacks that abuse, exploit or maliciously leverage insecure IIoT devices; and
• Sixty-four per cent said they already recognize the need to protect against IIoT attacks, as they continue to gain popularity among hackers.
 
“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, chief technology officer at Tripwire. “There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.”

“Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” said Robert Westervelt, security research manager at IDC. “The concern for a cyber attack is no longer focused on loss of data, but safety and availability.”

Respondents were also asked how they expect their organizations’ deployment of IIoT devices to change, and how it will affect their level of vulnerability. The study found:

• Ninety per cent expect IIoT deployment to increase; and
• Ninety-four per cent expect IIoT to increase risk and vulnerability in their organizations.
• When respondents were broken down by company size, both larger companies (96 per cent) and smaller companies (93 per cent) expect a significant increase in risk caused by the use of IIoT.
 
“While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments,” continued Meltzer.

A total of 403 participants — from Canada, the United States, the United Kingdom and Europe — completed the survey.