Palo Alto Networks commissioned market researcher Vanson Bourne to poll 1350 IT business decision makers in 14 countries, and the Australian results make interesting reading.
A huge majority – 94% – of respondents claimed visibility of all IoT devices connecting to their organisation's network, but only 52% were completely confident of this ability.
But 97% said they need to improve IoT security. Worryingly, those improvements aren't marginal: 45% want a lot of improvement, and more than one in ten call for a complete overhaul.
Not surprisingly, more than half report a growing number of such devices on their networks, with more than a third saying the increase was significant.
And there's some question whether many of the devices should be on the network at all. More than half had detected medical devices such as heart or diabetes monitors (we're not told how many respondents work in the health sector), 40% had seen desk toys such as smart teddy bears and robots, and only slightly fewer reported the presence of connected kitchen devices (kettles, coffee machines, heated coffee cups, etc).
Analysis of Asia-Pacific regional results showed nearly one in four respondents at organisations with at least 1,000 employees reported said they haven't segmented IoT devices onto separate networks, and even fewer (21%) said they follow best practice by using micro-segmentation to contain IoT devices to their own tightly controlled security zones.
"When it comes to IoT devices, we need to take a zero-trust approach, which should be at the heart of every company's IoT connected strategy. That means defining the purpose of every device and object linked to a network and setting boundaries, so it only connects to parts of the network that help it serve that purpose," said Palo Alto Networks vice president and APJ regional CSO Sean Duca.
"Employees are innocently bringing devices onto their organisation's network without realising that often, those are not designed and built with security in mind which could be a cybercriminal's inroad to compromising your systems. Businesses need to realise that an IoT security strategy is just as important as any other growth plan as the risks are often as costly if not more so."
The findings follow a recent report from Trend Micro that almost half (49%) of Australian remote workers have IoT devices connected to their home network, some of which could be used as stepping stones into corporate networks.