ForeScout worked with CensusWide to conduct an independent survey of 500 CIOs and IT decisionmakers to see how prepared they are for IoT cybersecurity and the results were concerning: 47% admitted to not updating default passwords on all IoT devices when they are added to corporate networks; 15% admitted to not keeping security patches up to date.
With 5.7 million registered businesses in the UK, that means nearly 2.7 million are still leaving obvious vulnerabilities in the system for bad actors to exploit.
Making matters worse, UK businesses have a blind spot when it comes to the number of devices connected to their network. Only 54% of respondents had total confidence that they have full visibility and can identify every device on their network.
The visibility challenge for business is only set to increase, with 40% of respondents stating that they are planning to increase their operational technology (OT) spend on connected devices. However, 72% IT managers are concerned about the security implications of adding additional OT devices to their company’s network.
“The convergence between IT and OT is where businesses are looking to drive some major efficiency gains in 2018, but it makes the challenge of knowing exactly what devices are on your network that much harder,” explained Myles Bray, vice president of EMEA at ForeScout. “IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption. With GDPR just around the corner businesses need to act now.”