Networking / Data Acquisition & Monitoring / Remote Monitoring & Access

How risk-resistant are you?

The IIoT is coming; you will be assimilated

By Mike Bacidore, chief editor

We’re constantly worrying about threats from disgruntled or careless internal employees, but what about those who’ve already left the company?

How secure is your sensitive data? As the benefits of the Industrial Internet of Things (IIoT) become more apparent, data-sharing practices continue on a path toward Borg-like ubiquity.

Resistance may be futile, but it’s important to understand and manage the risks of assimilation.

The 2018 Global State of Information Security Survey (GSISS) from PwC indicates two-thirds of organizations have an IoT strategy either in place or currently being implemented. But only around one-third have uniform cybersecurity standards and policies for IoT devices and systems; new data collection, retention and destruction policies; or assessment practices for device and system interconnecticity and vulnerability across the business ecosystem. That would seem to identify a 33% gap between understanding and managing cybersecurity risks.

A new study from Varonis reveals the manufacturing industry still has a long way to go locking down sensitive data. The study, Data Gets Personal: 2019 Global Data Risk Report, includes results from data-risk assessments performed on more than 700 companies in 30+ industries. It shines a spotlight on data breaches, insider threats and crippling malware attacks. The report reveals manufacturing organizations had more than 20% of sensitive files and folders exposed. Additionally, manufacturing companies had an average of 2,264 exposed, sensitive files and 32,146 exposed folders per terabyte of data.

RELATED GUIDE: Control design for smart machines

Some noteworthy findings include:

  • 38% of users had passwords that never expire, up from 10% the previous year

  • 22% of a company’s folders are accessible, on average, to every employee

  • 53% of companies made more than 1,000 sensitive files accessible to every employee, up from 41% in 2018

  • 38% of users had passwords that never expire, up from 10% the previous year

  • 50% of accounts are stale “ghost” users that allow former employees to log in and access information.

That’s the scariest finding of all—half of user accounts are no longer employees. We’re constantly worrying about threats from disgruntled or careless internal employees, but what about those workers who’ve gone rogue and already left the company?

It’s time to stop resisting the IIoT and start resisting the risks that come with indifferent data-security policies. One way or another, you will be assimilated.