Less Than 1/3 of Organizations Prepared for IoT Risks

Less than one-third of organizations are prepared for security risks stemming from the Internet of Things (IoT), according to a Tripwire survey of information security professionals who attended Black Hat USA 2016. When asked if their organizations are prepared for the security risks associated with IoT devices, less than one-third (30 percent) of the respondents said, “yes.” In addition, only 34 percent of the respondents believe their organizations accurately track the number of IoT devices on their networks.

According to Cisco, the number of connected devices is projected to increase to more than 50 billion by 2020. Despite their popularity, IoT devices present significant and unique security risks to consumers and businesses. For example, Arbor Networks recently reported that distributed denial of service (DDoS) attacks have grown both in size and frequency, due in part to the rising number of connected devices.

“The Internet of Things presents a clear weak spot for an increasing number of information security organizations,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire. “As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks. By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced.”

Additional findings from the survey included:

• Seventy-eight percent of the respondents are concerned about the weaponization of IoT devices in the use of DDoS attacks.
• Nearly half (47 percent) of the respondents expect the number of IoT devices on their networks to increase by at least 30 percent in 2017.
• Only 11 percent of the respondents consider DDoS attacks one of the top two security threats their organizations face.

“It wasn't so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber attacks and denial of service attacks,” said Dwayne Melancon, chief technology officer and vice president of research and development for Tripwire. “It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern. That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets. The large number of easily compromised devices will require a new approach if we are to secure our critical networks. Organizations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale.”