A survey by cybersecurity company Tripwire has found that, amid the growth of connected devices, many organisations are unprepared for IoT security risks.
Tripwire conducted a survey of over 220 information security professionals who attended Black Hat USA 2016, with just 30 per cent of respondents stating that their organisations are prepared for the security risks associated with IoT devices.
Additionally, just 34 per cent of the respondents stated that they believe their organisations accurately track the number of IoT devices on their networks.
“The Internet of Things presents a clear weak spot for an increasing number of information security organisations,” Tim Erlin, Tripwire director of IT security and risk strategy, commented.
“As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks. By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced.”
The survey also found that 78 per cent of respondents are concerned about the weaponisation of IoT devices for use in DDoS attacks, while 47 per cent expect the number of IoT devices on their networks to increase by at least 30 per cent in 2017.
Meanwhile, only 11 per cent of the respondents consider DDoS attacks one of the top two security threats their organisations face.
“It wasn’t so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber-attacks and denial of service attacks,” Dwayne Melancon, Tripwire chief technology officer and vice president of research and development, commented.
“It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern. That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets.
“The large number of easily compromised devices will require a new approach if we are to secure our critical networks. Organisations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale.”