News

Global study reveals that 75% of APAC IT Security Teams believe that their IoT devices are not secure

By
Posted on

Research by Aruba
and Ponemon Institute shows that security teams view Artificial Intelligence as
the key cybersecurity weapon in the IoT Era

HONG KONG, CHINA -�Media
OutReach�- October 5, 2018 - A new global research study conducted by the Ponemon Institute on behalf of Aruba, a Hewlett
Packard Enterprise company (NYSE:HPE), has found that the majority of IT
security teams believe that a key gap in their company's overall security
strategy is their inability to identify attacks that use IoT devices as the
point of entry. In fact, more than three-quarters of respondents believe their
IoT devices are not secure, with 75 percent stating even simple IoT devices
pose a threat. Two-thirds of respondents admitted they have little or no
ability to protect their "things" from attacks.

The Ponemon
Institute study, entitled "Closing the IT Security
Gap with Automation & AI in the Era of IoT," surveyed 4,000 security and IT professionals
across the Americas, Europe and Asia to understand what makes security deficiencies
so hard to fix, and what types of technologies and processes are needed to stay
a step ahead of bad actors within the new threat landscape.

The research
revealed that in the quest to protect data and other high-value assets,
security systems incorporating machine learning and other AI-based technologies
are essential for detecting and stopping attacks that target users and IoT
devices. The majority of APAC respondents agree that security products with AI
functionality will help to:

  • Reduce false alerts (66 percent)
  • Increase their team's effectiveness (62 percent)
  • Provide greater investigation efficiencies (57
    percent)
  • Advance their ability to more quickly discover
    and respond to stealthy attacks that have evaded perimeter defense systems (53
    percent)

Twenty-nine
percent of APAC respondents said they currently use some form of
machine-learning or other AI-based security solution, with another 29 percent
stating they plan on deploying these types of products within the next 12
months. Continuous monitoring of network traffic, closed-loop detection and
response systems, and detecting behavioral anomalies among peer groups of IoT
devices, were cited as the most effective approaches to better protect their
environments.

Current Security Tools are not Enough

"Despite massive
investments in cybersecurity programs, our research found most businesses are
still unable to stop advanced, targeted attacks -- with 59 percent believing
they are not realizing the full value of their defense arsenal, which ranges
from 10 to 75 security solutions," said Larry Ponemon, chairman, Ponemon
Institute. "The situation has become a 'perfect storm,' with nearly half of
respondents saying it's very difficult to protect complex and dynamically
changing attack surfaces, especially given the current lack of security staff
with the necessary skills and expertise to battle today's persistent,
sophisticated, highly trained, and well-financed attackers. Against this
backdrop, AI-based security tools, which can automate tasks and free up IT
personnel to manage other aspects of a security program, were viewed as critical
for helping businesses keep up with increasing threat levels."

IoT and Cloud Adds Significant Risk

Survey results also highlighted the importance of visibility and the ability
to define which resources that people and IoT devices can access, with 48
percent of APAC respondents stating network access control is an important
element of their company's overall security strategy and critical for reducing
the reach of inside exploits. Globally, this number stands at 65 percent, revealing
that the APAC region is placing significantly less emphasis on NAC than their
global counterparts.In addition, even
though 74 percent of APAC respondents say that their organizations deploy NAC,
it is alarming to find out that only 16 percent of them are
confident that they know all the users and devices connected to their network
all the time.

Additionally,
more than half of global respondents said it's hard to protect expanding and
blurring IT perimeters resulting from requirements to concurrently support IoT,
BYOD, mobile, and cloud initiatives (55%).

Even the
ownership model for IoT security presents potential risk. When asked who inside
their organization was responsible for IoT security, responses ranged from the
CIO, CISO, CTO, and line-of-business leaders, with no majority consensus. Only
33 percent identified the CIO, with no other executive or functional group
achieving response totals above 20 percent. Surprisingly, "No Function" was the
third-highest answer (15 percent).

"Partnering
with the Ponemon Institute helps us to improve customer experiences by better
understanding security teams' challenges, and then arming them with advanced
solutions that enable quick identification and responses to an ever-changing
threat landscape," said Kenneth Ma, director and general manager of Hong Kong
and Macau, Aruba, a Hewlett Packard Enterprise company. "The insight gained
from this study enables us to continually improve our ability to provide an
enterprise wired and wireless network security framework with an integrated and
more comprehensive approach for gaining back visibility and control."

Additional Asset

  • Aruba blog: After
    all the Hard Work, Why Does the Security Gap Still Exist?
  • Infographic: What's threatening IT security and what are
    people doing about it?

About Aruba, a Hewlett Packard Enterprise company

Aruba, a Hewlett Packard Enterprise company, is a leading
provider of next-generation networking solutions for enterprises of all sizes
worldwide. The company delivers IT solutions that empower organizations to
serve the latest generation of mobile-savvy users who rely on cloud-based
business apps for every aspect of their work and personal lives.

To learn more, visit Aruba at�http://www.arubanetworks.com. For real-time news updates follow Aruba on�Twitter�and�Facebook,
and for the latest technical discussions on mobility and Aruba products visit
Airheads Social at�http://community.arubanetworks.com.

About Ponemon Institute

Ponemon Institute is dedicated to advancing responsible
information and privacy management practices in business and government. To
achieve this objective, the Institute conducts independent research, educates
leaders from the private and public sectors and verifies the privacy and data
protection practices of organizations in a variety of industries. For more
information, please visit https://www.ponemon.org/

More from miscw.com

To Top