IIoT is used to describe connected devices in critical infrastructure industries, including energy, utilities, government, healthcare and finance.
Tripwire’s study also found that half of respondents said they do not feel prepared for security attacks that abuse, exploit or maliciously leverage insecure IIoT devices.
Around 64% of respondents said they already recognise the need to protect against IIoT attacks, as they continue to gain popularity among hackers.
“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, Tripwire’s chief technology officer.
“Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” said Robert Westervelt, security research manager at IDC.
Loss of data used to be the main risk of cyber attacks, but when the operation of key pieces of infrastructure are interfered with, such as portions of the electricity grid for instance, the risks are about safety and availability.
Though most organisations, large and small, surveyed are aware that increased adoption of IIoT technology can increase vulnerability to cyber attacks, most participants expect IIot adoption to continue apace, partly because organisations cannot afford not to adopt IIoT.
The apparent contradiction of known risks and continued deployment shows that security departments and operations need to coordinate more closely.
“Organisations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments,” according to Meltzer.
