More than half of workers in critical industrial sectors have experienced “severe security incidents” that have led to data loss or system downtime, and industrial IoT devices have been blamed. A new poll by US operator Verizon of 600-odd executives in charge of security strategy and management acknowledges there are issues with mobile devices, too, but points the finger at increasing numbers of IoT sensors and monitors – “especially as remote work continues to be a trend” – and suggests that enterprises expect and fear new “AI-assisted attacks”.
TJ Fox, senior vice president of industrial IoT and automotive at Verizon Business, said: “Industrial IoT is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets, and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage, and control commercial tasks and data flow. That growth brings with it a proportionate need for more knowledge, awareness and IT solutions to ensure the security of those increasingly sophisticated networks.”
The poll – the 2024 version of Verizon’s annual Mobile Security Index (MSI), for the first time covering cybersecurity in enterprise and industrial IoT networks as well – finds that four in five (80 percent) of well-placed company execs (respondents) think mobile devices are “critical to their operations”, and that almost all of their companies (95 percent) are actively using IoT devices. Within critical infrastructure, that IoT statistic rises marginally to 96 percent, of which half (53 percent) claim to have experienced a “significant mobile or IoT device-related security incident”.
Four in five (77 percent of) respondents anticipate that AI-assisted attacks – “such as deep fakes and SMS phishing”, associated with more regular work devices – are “likely to succeed”. Again, the figure goes up – to nine in 10 (88 percent) – for companies handling critical infrastructure. The message, unsurprisingly, is that more connected devices mean more security risks, and that the perceived risk is greater for companies running mission- and business- critical Industry 4.0 operations – “where the consequences of security breaches can be catastrophic”.
As well, the message from Verizon Business is to get a proper handle of the risk. Fox said: “The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.” It talks about the importance of adopting zero-trust frameworks, such as the ‘cybersecurity framework’ from the National Institute of Standards and Technology (NIST), and compliance with mandates like the European Union’s NIS2 Directive. The survey is available here.
In response to growing security threats, it finds that 84 percent of respondents said they have increased their mobile device security spending over the past year; 89 percent of critical infrastructure respondents plan further increases. In a supplied quote, Phil Hochmuth, vice president of research at IDC, said: “These findings highlight the friction… as more and more work is done on personal mobile devices. This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer-provided devices.”