Features Research
Tripwire Study: 96 per cent of IT security pros foresee more IIoT cyber security attacks

IIoT are the connected devices in critical infrastructure segments such as energy, utilities, government, healthcare and finance. Tripwire’s study revealed that:

• 96 per cent of those surveyed expect to see an increase in security attacks on IIoT in 2017.
• 51 per cent said they do not feel prepared for security attacks that abuse, exploit or maliciously leverage insecure IIoT devices.
• 64 per cent said they already recognize the need to protect against IIoT attacks, as they continue to gain popularity among hackers.
 
“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said David Meltzer, chief technology officer at Tripwire. “There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.”

The study’s respondents were also asked how they expect their organizations’ deployment of IIoT devices to change, and how it will affect their level of vulnerability:

• 90 per cent expect IIoT deployment to increase.
• 94 per cent expect IIoT to increase risk and vulnerability in their organizations.
• When respondents were broken down by company size, both larger companies (96 per cent) and smaller companies (93 per cent) expect a significant increase in risk caused by the use of IIoT.
 
“IIoT ultimately delivers value to organizations, and that’s why we’re seeing an increase in deployments. Security can’t be an industry of ‘no’ in the face of innovation, and businesses can’t be effective without addressing risks,” Meltzer continued. “The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to co-ordinate on these issues… Organizations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments.”

The study was commissioned by Tripwire and carried out by Dimensional Research in January 2017. According to Tripwire, a total of 403 qualified participants completed the survey and all participants had responsibility for IT security as a significant part of their job and worked at companies with more than 1,000 employees. Survey respondents were based in Canada (28), the United States (278), the United Kingdom (44) and Europe (53).