ForeScout® Technologies, Inc., the pioneer in agentless cybersecurity, has announced the findings of its new “Enterprise Internet of Things (IoT) Survey”. Commissioned by ForeScout and conducted by a non-affiliated third party, the survey of 350+ Information Technology (IT) professionals assessed their organisations’ IoT security practices. The research revealed that while the majority of respondents acknowledge the growing number of IoT devices on their networks, they are unaware of how to properly secure them.

The survey points to a lack of visibility into everything on the network. 85 percent of survey respondents lacked confidence in their ability to see connected devices as soon as they joined their networks, and almost a quarter of survey respondents said that they weren’t confident at all. When connected devices are left out of the security sphere, an organisation’s attack surface becomes much more vulnerable.

Other key findings from the survey include:

• A False Sense of Security: On average, respondents had at least nine out of 27 different types of IoT devices (e.g. desktop PCs, IP phones, tablets, video conferencing systems) that they could identify on their networks. This number was consistent across respondents – even those who claimed to have no IoT devices when initially asked.
• Insecure Security Policies: 30 percent of respondents said that their company failed to have a specific solution in place to secure IoT devices, and more than a quarter do not know if they have security policies on their devices.
• Lack of IT Collaboration: The majority of respondents believe a lack of communication between IT teams and security budget constraints are some of the main challenges to securing IoT.
• Working from Home Puts the Enterprise at Risk: Almost half of all respondents reported that in-office security policies failed to extend to their home networks – even when accessing sensitive company data.
• Demand for Agentless Security: Most IT professionals believe it is important to discover and classify IoT devices, and many would prefer to have this ability without the use of an agent.

“This survey demonstrates not only how pervasive IoT is within the enterprise, but also how much confusion there is around how to secure it,” said Rob Greer, CMO and SVP of Products at ForeScout Technologies. “Every day, new ‘things’ are being added to corporate networks with little regard to their level of security risk. Each insecure device represents a vulnerable point-of-entry into a company’s larger network and companies are starting to realise this.”

The U.S. Department of Commerce recently cited that 200 billion connected devices will be deployed by 2020 with an accompanying economic impact in the trillions by 2025*. However, almost half of IT professionals surveyed expressed little to no confidence in their ability to see, control and manage the current IoT devices in their network environments.

“IoT represents one of the largest fundamental changes to the enterprise in decades. The challenge now is to ensure that its promise is realised in a secure and responsible way,” continued Greer. “The ability to share real-time contextual insights and implement agentless security policies across the organisation encourages healthy security practices from the inside out.”

*Atlantic Council, Cyber Risk Wednesday: What is the Government’s Role in the Internet of Things?, 25 May 2016.

Survey Methodology

ForeScout commissioned Webtorials to conduct the Enterprise IoT Survey from March – April 2016. The survey of 350+ IT and networking professionals analysed and assessed respondents’ views on their organisation’s IoT devices, security policies, approaches and tools. To download the full report, please go here.