Global study reveals that 75% of APAC IT Security Teams believe that their IoT devices are not secure

October 05, 2018 - 04:51
Global study reveals that 75% of APAC IT Security Teams believe that their IoT devices are not secure

Research by Arubaand Ponemon Institute shows that security teams view Artificial Intelligence asthe key cybersecurity weapon in the IoT Era


HONG KONG, CHINA - MediaOutReach - October 5, 2018 - A new global research study conducted by the Ponemon Institute on behalf of Aruba, a HewlettPackard Enterprise company (NYSE:HPE), has found that the majority of ITsecurity teams believe that a key gap in their company's overall securitystrategy is their inability to identify attacks that use IoT devices as thepoint of entry. In fact, more than three-quarters of respondents believe theirIoT devices are not secure, with 75 percent stating even simple IoT devicespose a threat. Two-thirds of respondents admitted they have little or noability to protect their "things" from attacks.


The PonemonInstitute study, entitled "Closing the IT SecurityGap with Automation & AI in the Era of IoT," surveyed 4,000 security and IT professionalsacross the Americas, Europe and Asia to understand what makes security deficienciesso hard to fix, and what types of technologies and processes are needed to staya step ahead of bad actors within the new threat landscape.


The researchrevealed that in the quest to protect data and other high-value assets,security systems incorporating machine learning and other AI-based technologiesare essential for detecting and stopping attacks that target users and IoTdevices. The majority of APAC respondents agree that security products with AIfunctionality will help to:


  • Reduce false alerts (66 percent)
  • Increase their team's effectiveness (62 percent)
  • Provide greater investigation efficiencies (57percent)
  • Advance their ability to more quickly discoverand respond to stealthy attacks that have evaded perimeter defense systems (53percent)


Twenty-ninepercent of APAC respondents said they currently use some form ofmachine-learning or other AI-based security solution, with another 29 percentstating they plan on deploying these types of products within the next 12months. Continuous monitoring of network traffic, closed-loop detection andresponse systems, and detecting behavioral anomalies among peer groups of IoTdevices, were cited as the most effective approaches to better protect theirenvironments.


Current Security Tools are not Enough


"Despite massiveinvestments in cybersecurity programs, our research found most businesses arestill unable to stop advanced, targeted attacks -- with 59 percent believingthey are not realizing the full value of their defense arsenal, which rangesfrom 10 to 75 security solutions," said Larry Ponemon, chairman, PonemonInstitute. "The situation has become a 'perfect storm,' with nearly half ofrespondents saying it's very difficult to protect complex and dynamicallychanging attack surfaces, especially given the current lack of security staffwith the necessary skills and expertise to battle today's persistent,sophisticated, highly trained, and well-financed attackers. Against thisbackdrop, AI-based security tools, which can automate tasks and free up ITpersonnel to manage other aspects of a security program, were viewed as criticalfor helping businesses keep up with increasing threat levels."


IoT and Cloud Adds Significant Risk


Survey results also highlighted the importance of visibility and the abilityto define which resources that people and IoT devices can access, with 48percent of APAC respondents stating network access control is an importantelement of their company's overall security strategy and critical for reducingthe reach of inside exploits. Globally, this number stands at 65 percent, revealingthat the APAC region is placing significantly less emphasis on NAC than theirglobal counterparts.  In addition, eventhough 74 percent of APAC respondents say that their organizations deploy NAC,it is alarming to find out that only 16 percent of them areconfident that they know all the users and devices connected to their networkall the time.


Additionally,more than half of global respondents said it's hard to protect expanding andblurring IT perimeters resulting from requirements to concurrently support IoT,BYOD, mobile, and cloud initiatives (55%).


Even theownership model for IoT security presents potential risk. When asked who insidetheir organization was responsible for IoT security, responses ranged from theCIO, CISO, CTO, and line-of-business leaders, with no majority consensus. Only33 percent identified the CIO, with no other executive or functional groupachieving response totals above 20 percent. Surprisingly, "No Function" was thethird-highest answer (15 percent).


"Partneringwith the Ponemon Institute helps us to improve customer experiences by betterunderstanding security teams' challenges, and then arming them with advancedsolutions that enable quick identification and responses to an ever-changingthreat landscape," said Kenneth Ma, director and general manager of Hong Kongand Macau, Aruba, a Hewlett Packard Enterprise company. "The insight gainedfrom this study enables us to continually improve our ability to provide anenterprise wired and wireless network security framework with an integrated andmore comprehensive approach for gaining back visibility and control."


Additional Asset



About Aruba, a Hewlett Packard Enterprise company

Aruba, a Hewlett Packard Enterprise company, is a leadingprovider of next-generation networking solutions for enterprises of all sizesworldwide. The company delivers IT solutions that empower organizations toserve the latest generation of mobile-savvy users who rely on cloud-basedbusiness apps for every aspect of their work and personal lives.


To learn more, visit Aruba at For real-time news updates follow Aruba on Twitter and Facebook,and for the latest technical discussions on mobility and Aruba products visitAirheads Social at


About Ponemon Institute

Ponemon Institute is dedicated to advancing responsibleinformation and privacy management practices in business and government. Toachieve this objective, the Institute conducts independent research, educatesleaders from the private and public sectors and verifies the privacy and dataprotection practices of organizations in a variety of industries. For moreinformation, please visit