According to a recent study, only 18 percent of retail IT security professionals are concerned that cybercriminals are targeting point of sale (PoS) devices installed on their networks, and only 20 percent are “confident” that those same devices are securely configured.
Between July and September 2014, Tripwire conducted a study in which it compared the attitudes of some 276 retail executives and IT security professionals based in the UK and United States, with 431 individuals in the energy and financial industries also surveyed.
Some of the study’s key findings include the following:
- 36 percent of retail executives are “not confident” that their organizations’ network devices are all running only authorized software. Only 25 percent of financial service respondents and 32 percent of energy respondents shared the same concern.
- Only 25 percent of retail executives expect to receive additional budget to protect IoT devices, with 59 percent of financial respondents and 52 percent of energy respondents expecting to receive additional budget.
- 34 percent of retail executives are “not confident” all the devices on their network are authorised. 18 percent of financial services respondents and 20 percent of energy sector respondents expressed these same doubts.
The fact that many IT security professionals in the retail, energy, and financial service industries do not know whether the devices connected to their network are authorized or are running authorized software is deeply concerning, according to Dwayne Melancon, CTO for Tripwire.
“It’s imperative that enterprises establish the ability to continuously monitor their network for unknown devices and applications, validate them against a trusted reference point, and quickly remediate weak or unsafe configurations,” said Melancon. “Standards, machine-to-machine learning, and continuous security configuration management can significantly accelerate progress toward this goal.”
Melancon’s recommendations can assist IT professionals in securing the Internet of Things (IoT). Even so, the challenges of IoT security in many cases extend beyond individuals working in information security.
Another study conducted by Atomik Research on behalf of Tripwire revealed that only a minority of executives in the retail, energy, and financial service industries believe that the risks associated with IoT will become the most significant threats on their networks.
To adequately meet the expanding threat landscape under IoT, security professionals must therefore work to improve the cyber literacy of their organizations’ Board of Directors and executives, as a number of experts in association with Tripwire recommend here.
In the meantime, security professionals can work to improve their organizations’ security with respect to IoT, as Ken Westin, senior security and threat analyst at Tripwire, explains.
“One of the most positive findings is that retail organizations can dramatically improve security by focusing on a few key security fundamentals,” comments Westin. “After all, you can’t keep anything secure if you don’t know it’s on your network.”
For more information about Tripwire’s recent survey, please click here.