Almost half of UK businesses are vulnerable to IoT hacking

IT managers often neglect to change the default password - but want to increase the spend on IoT devices

2.7 million firms in the UK are leaving their corporate networks vulnerable due to insecure IoT devices, ForeScout research has shown.

Almost half (47 per cent) of the 500 CIOs and IT managers who took part told ForeScout that they allowed IoT devices onto their corporate network without changing the default password - equating to about 2.7 million businesses out of the UK's 5.7 million total.

15 per cent of respondents also admitted that that had not kept security patches up to date on all of their connected enterprise devices.

Visibility should also be a concern, said ForeScout. The research showed that only 54 per cent of firms had ‘total confidence' in being able to identify every device on their network.

This threat is expected to increase; analysts expect the total number of devices on corporate networks to reach 29 billion by 2020, up from just 6.6 billion today. The survey showed that 40 per cent of respondents are planning to increase their operational technology spend on connected devices - although seven in 10 IT managers said that they are concerned about the security implications.

"The convergence between IT and OT is where businesses are looking to drive some major efficiency gains in 2018, but it makes the challenge of knowing exactly what devices are on your network that much harder," said Myles Bray, VP EMEA at ForeScout. "IoT has expanded the attack surface considerably for all firms, and without basic security hygiene it is easy for bad actors to gain a foothold and then move laterally on a network to reach high-value assets and cause business disruption. With GDPR just around the corner businesses need to act now."