Thursday, 16th July 2020

IoT attacks - more planning required

Fewer than half of cybersecurity professionals have a plan in place to deal with IoT attacks, despite the fact that ninety percent worry about future threats.

Fewer than half (47%) of cybersecurity professionals have a plan in place to deal with attacks on their IoT devices and equipment, despite that fact that nine out of ten express concerns over future threats, according to new research from the Neustar International Security Council (NISC).

These findings come at a time in which 48% of organisations admitted to experiencing a cyberattack against their IoT or connected devices and equipment in the last year alone. Just over a quarter (27%) reported feeling ‘very confident’ that their personnel would know how to protect against such attacks, while 38% claimed they are currently in the process of developing a plan.

“With IoT devices and equipment now being such a fundamental part of business, organisations are continuing to connect more devices to their networks, resulting in an increased attack surface. This not only opens businesses up to more attacks, it also gives malicious actors new opportunities to breach security systems,” said Rodney Joffe, Chairman of NISC and, Security CTO at Neustar. “In most cases, IoT devices have been built by third party vendors, meaning that the companies using these IoT devices do not have the knowledge of how they have been created or what security measures they have in place.”

“It’s crucial, therefore, to understand that the IoT has essentially been built on top of infrastructure that is vulnerable, making every organisation a target. Recognising exactly what data needs protecting is a key factor for developing an organised and cohesive security strategy. This way businesses can successfully focus on their more vulnerable data, processes and models – guarding valuable information from any and all IoT attacks moving forward. On a more granular level, businesses must ensure the appropriate controls are in place for threat vulnerability and patch management while also ensuring that important data is identified and encrypted,” added Joffe.

International Cyber Benchmarks Index to Sep 2019

The latest NISC report also found threats are continuing to elevate across vectors. The International Cyber Benchmarks Index, which reflects the overall state of the cybersecurity landscape, has followed a steady upward trajectory since its inception, reaching a new record of 26.9 in September 2019.

The NISC survey asked security professionals to rank a list of cyberthreats from highest concern to lowest concern. System compromise was reported as the top concern by 22% of respondents, edging out distributed denial of service (DDoS) attacks (21%) and ransomware (20%).

Social engineering via email was most likely to be perceived as a growing threat (55% of respondents reported seeing an increase in July/August 2019), followed by DDoS attacks and ransomware (both 54%) and generalised phishing (53%).

McAfee ESM Cloud removes traditional barriers to SecOps efficiency; accelerates digital transformati...
Overwork and burnout are very real issues for the IT security industry in 2020, according to the Cha...
Bitglass, the Total Cloud Security company, has released its 2020 BYOD Report, which analyses enterp...
According to The State of Cloud Security 2020, a global survey from next-generation cybersecurity le...
MobileIron Threat Defense includes multi-vector threat detection and remediation to protect iOS and...
Partnership enables security teams to identify unmanaged assets connecting to the corporate network,...
Survey reveals users take security training seriously, but may still engage in risky behaviour.
Netwrix survey reveals that 33% of financial organisations discovered sensitive data in insecure sto...