A new Deloitte survey among IT security professionals found that almost half (48%) of them recognize the importance of embedding DevSecOps throughout the life cycle of Internet-of-things (IoT) development and of cooperating with legal, procurement, and compliance across deployments. About the same number of respondents (51%) expressed mild confidence in the ability of their organization to adequately secure IoT products, while a mere 18% said they were very confident about this.
Deloitte identifies the following top ten IoT/IIoT (industrial IoT) security risks for organizations:
- Not having a security and privacy program
- Lack of ownership/governance to drive security and privacy
- Security not being incorporated into the design of products and ecosystems
- Insufficient security awareness and training for engineers and architects
- Lack of IoT/IIoT and product security and privacy resources
- Insufficient monitoring of devices and systems to detect security events
- Lack of post-market/ implementation security and privacy risk management
- Lack of visibility of products or not having a full product inventory
- Identifying and treating risks of fielded and legacy products
- Inexperienced/immature incident response processes
Read more: Top 10 IoT security risks for businesses
