Organizations of all types and sizes are embracing the industrial internet of things (IIoT), the connected devices in key infrastructure segments such as energy, utilities, government, healthcare and finance. That growth
hasn't gone unnoticed: Cyber-security threats against the IIoT are rising. Virtually all the security experts participating in a recent survey expect an increase in IIoT attacks this year, and they don't believe they are ready for the onslaught. Those are among the major findings of the "Foundational Controls and IIoT" study released by Tripwire, a provider of security, compliance and IT operations solutions. As industrial companies pursue the IIoT, threats can affect critical operations such as utilities and healthcare, threatening safety and the availability of services such as the electrical grid. The study's authors recommend that organizations stress the fundamentals of security, rather than seeking new security controls. David Meltzer, chief technology officer at Tripwire, explained, "Cyber-threats are dynamic, so no one security control will be the all-encompassing solution. IT teams need to apply security controls and best practices to new environments. Securing IoT devices—from pushing industry vendors to embed security in IoT devices, to securing configurations for hardware and software—and controlling use of administrative privileges will go a long way toward laying a foundation for IoT security." Dimensional Research conducted the survey, which includes responses from 403 participants with responsibility for IT security at companies with more than 1,000 employees, most in the United States, but some in the United Kingdom, Canada and Europe.