iconimage - Fotolia
Less than a third of organisations are prepared for security risks associated with devices making up the internet of things (IoT), a survey has revealed.
Only 34% of the respondents believe their organisations accurately track the number of IoT devices on their networks, according to the survey by security firm Tripwire that polled more than 220 information security professionals at Black Hat USA 2016.
According to Cisco, the number of connected devices is projected to increase to more than 50 billion by 2020 but, despite their popularity, IoT devices present significant and unique security risks to consumers and businesses.
In January 2016, Chema Alonso, global head of security at Telefónica, told Computer Weekly that shadow IT is a big problem in the enterprise, and he predicts that “shadow IoT” will become a big problem if enterprises do not build or buy in the capacity to monitor and analyse all devices and services connecting to the corporate network.
The survey revealed 47% of respondents expect the number of IoT devices on their networks to increase by at least 30% in 2017, while 78% respondents are concerned about the weaponisation of IoT devices in the use of DDoS attacks.
However, only 11% of respondents ranked DDoS attacks as being one of the top two security threats being faced by their organisation.
The highest proportion of votes went to phishing (22%), followed by cyber espionage (20%) and ransomware (19%).
Read more about IoT security
- Cyber crime defences are lagging behind IoT development, which could be disastrous for producers and consumers alike, warns Telefónica report
- Growth of the internet of things will be slowed or stunted if the industry fails to be proactive about data security, according to IoT Security Foundation.
- The influx of internet of things devices will inevitably bring security headaches. Don’t miss out on the opportunities of IoT, but learn how to avoid IoT security issues.
- The five key information security risks associated with the internet of things that businesses can and should address.
“The internet of things presents a clear weak spot for an increasing number of information security organisations,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire.
“As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks. By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced,” he said.
“It wasn’t so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber attacks and denial of service attacks,” said Dwayne Melancon, chief technology officer and vice-president of research and development for Tripwire.
“It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern. That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets,” he said.
The large number of easily compromised devices, said Melancon, will require a new approach if the most critical networks are to be secured.
“Organisations must respond with low-cost, automated and highly resilient methods to manage the security risk of these devices successfully at scale,” he said.