By now, we have become all too familiar with the volatile state of the enterprise cybersecurity landscape. Businesses across the globe are enduring an endless barrage of security threats. These cyberattacks — such as Wannacry’s devastating impact on the NHS, or the more recent attempt at infiltrating the international chemical weapons watchdog — bring attention to a range of worrying vulnerabilities hidden in plain sight within corporate IT. It is with these examples in mind that every organization across the globe should act fast as well as smart to ensure that they are adequately protected.
It is surprising, then, that contrary to the supposed heightening of awareness around the risks, recent research found that nearly half of the UK’s 5.7 million businesses are still leaving themselves exposed to cyberattacks by having unknown devices on their network. Worryingly, this marks a significant increase from comparable findings last year, indicating that the number of UK businesses vulnerable to such attacks has increased by 2% since then.
So, as collective consciousness about the risks and consequences of cyberattacks grows, it begs the question: Why do British businesses remain so painfully susceptible to cyberattacks in 2019?
The proliferation of IoT and subsequent security challenges
We hear plenty about the proliferation of IoT devices and the impact this has on the expanding attack surface area for organizations; after all, more devices ultimately mean more endpoints for organizations to manage and protect. However, one other challenging area that is often overlooked and may explain this increase is the rise of industrial IoT, otherwise known as connected operational technology (OT).
Connected OT includes the hardware and software that are part of the physical infrastructure common in industries such as manufacturing and energy, and have been connected to an organization’s network to drive efficiencies. However, as with IoT devices, if bad actors manage to gain access and control of industrial OT systems, the consequences can be devastating to a business’ security, productivity and overall ability to operate.
Therefore, the two main challenges IT managers face nowadays are how to keep their networks safe and secure, while dealing with the simultaneous increase of both IoT and IIoT devices — some of which were never intended to be connected to a network in the first place. When having to manage an influx of connected devices on this scale, the reality is that the traditional approach of securing individual endpoints is no longer effective enough. Instead, IT professionals need to turn their cybersecurity approach on its head. Rather than tediously trying to secure each individual device before it joins a network, the focus needs to be on protecting the network first and foremost.
Bringing visibility and control to the fore
Nowadays, organizations need to have full visibility of all devices on their network in real time to spot and fix potential vulnerabilities created by rogue devices. Most CIOs and IT decision-makers are aware of the role that a lack of device visibility and control plays in overall enterprise IT security. In fact, 85% of them acknowledge that it is a significant point of weakness in any security infrastructure. Part of the problem is that different lines of business don’t see eye-to-eye on how IoT-connected devices should be managed, or at least there is no strategy in place to bring the two under one roof. As a result, organizations are left with critical blind spots that can be exploited by bad actors without anyone even noticing.
However, it doesn’t have to be all doom and gloom. Rather than seeing IoT and IIoT as two different beasts, IT managers should consolidate all technologies into one centralized cybersecurity hub. These central management systems allow organizations across all industries to reveal any potential blind spots created by the huge number of new connected devices in a network. Now, although the majority of IT decision-makers believe that a centralized approach to IT and OT security would help protect them against vulnerabilities, the reality is that more than half are yet to implement a corresponding approach within their own organization.
So it seems that, across the board, awareness of how destructive cyberattacks can be and what organizations can do to properly protect themselves is rising with British businesses. However, in terms of translating that knowledge into an implementable cybersecurity strategy, UK companies still have a long way to go. With the number of cyberattacks and the resulting financial damage increasing each year, there is no time left to be wasted. If UK businesses want to adequately protect their networks against bad actors that exploit well-known vulnerabilities within connected devices, they need to implement a complete visibility and control model now, before it is too late.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.