iconimage - Fotolia

Less than a third of organisations prepared for IoT security risks

The security industry needs to address the security basics with the growing number of IoT devices in corporate networks, according to security firm Tripwire

Less than a third of organisations are prepared for security risks associated with devices making up the internet of things (IoT), a survey has revealed.

Only 34% of the respondents believe their organisations accurately track the number of IoT devices on their networks, according to the survey by security firm Tripwire that polled more than 220 information security professionals at Black Hat USA 2016.

According to Cisco, the number of connected devices is projected to increase to more than 50 billion by 2020 but, despite their popularity, IoT devices present significant and unique security risks to consumers and businesses.

In January 2016, Chema Alonso, global head of security at Telefónica, told Computer Weekly that shadow IT is a big problem in the enterprise, and he predicts that “shadow IoT” will become a big problem if enterprises do not build or buy in the capacity to monitor and analyse all devices and services connecting to the corporate network.

Arbor Networks reported in June 2016 that distributed denial of service (DDoS) attacks have grown both in size and frequency, due in part to the rising number of connected devices.

The survey revealed 47% of respondents expect the number of IoT devices on their networks to increase by at least 30% in 2017, while 78% respondents are concerned about the weaponisation of IoT devices in the use of DDoS attacks.

However, only 11% of respondents ranked DDoS attacks as being one of the top two security threats being faced by their organisation.

The highest proportion of votes went to phishing (22%), followed by cyber espionage (20%) and ransomware (19%).

Read more about IoT security

“The internet of things presents a clear weak spot for an increasing number of information security organisations,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire.

“As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks. By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced,” he said.

“It wasn’t so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber attacks and denial of service attacks,” said Dwayne Melancon, chief technology officer and vice-president of research and development for Tripwire.

“It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern. That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets,” he said.

The large number of easily compromised devices, said Melancon, will require a new approach if the most critical networks are to be secured.

“Organisations must respond with low-cost, automated and highly resilient methods to manage the security risk of these devices successfully at scale,” he said.

Read more on Hackers and cybercrime prevention