Connected devices are increasingly making their way into businesses. They facilitate work processes, but they also pose increased security risks. And those risks are significant, according to a study by Tripwire, a U.S. security solutions provider. Tripwire commissioned Dimensional Research to assess the security of networked devices in corporate environments.
“The industry is facing new challenges when it comes to securing a converged IT OT environment,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Historically, cybersecurity has focused on IT assets such as servers and workstations, but the increasing interconnection of systems requires industry security professionals to expand their understanding of what’s in their environment: you can’t protect what you don’t know.”
In addition, the survey considered the day-to-day practices and concerns of security professionals responsible for maintaining a networked environment: 88 percent follow a security standard or framework for doing so. Yet, professionals in manufacturing, energy, agriculture, pharmaceuticals, chemicals, nuclear, waste and water, and oil and gas believethey would benefit from enhanced ICS security standards 97 percent have concerns about supply chain security, and 87 percent agree that existing IoT and IIoT security policies would compromise the security of their supply chain.
Erlin adds, “It’s understandable that managing supply chain risk is high on the agenda for industry security teams, given the scale of attacks we’ve seen this year. Large-scale supply chain risks are not new, so if anything, this should encourage companies to invest in resources to help maintain a more secure environment.”
Some companies are already moving in the right direction. In light of recent events, 59 percent say their budget for supply chain security management has increased in the past year. In addition, 99 percent say their security teams already deny employee requests to connect devices; 43 percent say they do so frequently, suggesting work is already underway to maintain a smaller, networked footprint and manage inventory on the network.