SANS Industrial IoT Security Survey Finds Practitioners Struggling to Identify Whats on Their Networks, How to Secure Things and Organizational Roles in IIoT Security

Bethesda, Md. – The Industrial Internet of Things (IIoT) has opened many security concerns, confusion about what constitutes an endpoint and unrealistic perspectives on protecting systems and data, according to the 2018 SANS Industrial IoT Security Survey report, available July 19.

More than half of those taking the SANS survey reported that the most vulnerable aspects of their infrastructure are data, firmware, embedded systems or general endpoints. At the same time, respondents indicated that the debate continues over the definition of an IIoT endpoint.

"The discrepancy in defining IIoT endpoints is the basis for some of the confusion surrounding responsibility for IIoT security," according to Doug Wylie, Director of the Industrials & Infrastructure Business Portfolio at SANS Institute. "Many practitioners likely are not adequately identifying and managing the numerous assets that in some way connect to networksand present a danger to their organizations. For this reason, it is important for company IT and OT groups to agree to a common definition to help ensure they adequately identify security risks as they evolve their systems to adapt to new architectural models."

The survey uncovered other potential endpoint issues. For example, only 40% said they apply and maintain patches and updates to protect IIoT devices and systems, and 56% noted difficulty in patching as one of the greatest security challenges. Almost 40% said identifying, tracking and managing devices represented another significant security challenge.

Finally, the survey unveiled a chasm between the OT, IT and management perceptions of IIoT security. Only 64% of OT departments reported being somewhat-confident or confident in their ability to secure their IIoT infrastructure, as opposed to 83% of IT department respondents and 93% of company leaders.

"What really jumped out was the disparity in confidence as to how secure IIoT really is," said Barbara Filkins, SANS Analyst Program Research Director and survey report author. "This disparity represents a major cultural change in how industrial organizations must approach the security risks in a world of IIoT."

Full results will be shared during a July 19, 2018 webcast hosted by SANS at 1 PM EDT (UTC-4), sponsored by Accenture Security, ForeScout Technologies, Inc., and Indegy. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by Barbara Filkins with input from Doug Wylie, Director of the Industrials & Infrastructure Business Portfolio at SANS Institute.

Tweet This:

Different views among IT, OT and management affect readiness to protect IIoT endpoints | Register to learn more on July 19 |

Industrial IoT endpoints are a concern; networks provide control | Survey results released July 19 | Register at

SANS Industrial IoT Survey results released | July 19 at 1 PM Eastern | Register at

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (