SANS Industrial IoT Security Survey Finds Practitioners Struggling to Identify What's on Their Networks, How to Secure Things and Organizational Roles in IIoT Security

BETHESDA, Md., July 11, 2018 /PRNewswire-USNewswire/ -- The Industrial Internet of Things (IIoT) has opened many security concerns, confusion about what constitutes an endpoint and unrealistic perspectives on protecting systems and data, according to the 2018 SANS Industrial IoT Security Survey report, available July 19.

More than half of those taking the SANS survey reported that the most vulnerable aspects of their infrastructure are data, firmware, embedded systems or general endpoints. At the same time, respondents indicated that the debate continues over the definition of an IIoT endpoint.

"The discrepancy in defining IIoT endpoints is the basis for some of the confusion surrounding responsibility for IIoT security," according to Doug Wylie, Director of the Industrials & Infrastructure Business Portfolio at SANS Institute. "Many practitioners likely are not adequately identifying and managing the numerous assets that in some way connect to networks—and present a danger to their organizations. For this reason, it is important for company IT and OT groups to agree to a common definition to help ensure they adequately identify security risks as they evolve their systems to adapt to new architectural models."

The survey uncovered other potential endpoint issues. For example, only 40% said they apply and maintain patches and updates to protect IIoT devices and systems, and 56% noted difficulty in patching as one of the greatest security challenges. Almost 40% said identifying, tracking and managing devices represented another significant security challenge.

Finally, the survey unveiled a chasm between the OT, IT and management perceptions of IIoT security. Only 64% of OT departments reported being somewhat-confident or confident in their ability to secure their IIoT infrastructure, as opposed to 83% of IT department respondents and 93% of company leaders.

"What really jumped out was the disparity in confidence as to how secure IIoT really is," said Barbara Filkins, SANS Analyst Program Research Director and survey report author. "This disparity represents a major cultural change in how industrial organizations must approach the security risks in a world of IIoT."

Full results will be shared during a July 19, 2018 webcast hosted by SANS at 1 PM EDT (UTC-4), sponsored by Accenture Security, ForeScout Technologies, Inc., and Indegy. Register to attend the webcast at www.sans.org/webcasts/106900

Those who register for the webcast will also receive access to the published results paper developed by Barbara Filkins with input from Doug Wylie, Director of the Industrials & Infrastructure Business Portfolio at SANS Institute.

Tweet This:
Different views among IT, OT and management affect readiness to protect IIoT endpoints | Register to learn more on July 19 | www.sans.org/webcasts/106900

Industrial IoT endpoints are a concern; networks provide control | Survey results released July 19 | Register at www.sans.org/webcasts/106900

SANS Industrial IoT Survey results released | July 19 at 1 PM Eastern | Register at www.sans.org/webcasts/106900

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

SOURCE SANS Institute

Related Links

http://www.sans.org