Risk and concern surrounding the Internet of Things (IoT) continues to grow, while related security resources and visibility into connected devices stagnates, according to new research sponsored by Pwnie Express, the wireless threat detection solutions provider.
As a result, even with awareness of vulnerable devices at an all time high, information security professionals are not ready or equipped to address the growing threat of the IoT, the research suggests.
According to the report, today, 86% of information security professionals are concerned about connected device threats, with 50% either ‘very’ or ‘extremely concerned’.
Furthermore, the majority (67%) are more worried about connected device threats than they were a year ago, with first- hand experience driving heightened concern - 55% have witnessed an attack via wireless device, and 38% have witnessed an attack via mobile device.
Due to the proliferation of wireless and mobile devices and the prevalence of BYOD and BYOx environments, IT security professionals are lacking visibility, as 37% can’t even tell how many devices are connected to their networks. Additionally, 40% note their organisation is ‘unprepared’ or ‘not prepared at all’ to find connected device threats.
On top of this:
Subsequently, the vast majority (71%) is concerned with devices in a default, misconfigured, or vulnerable state, including devices with default passwords and ‘wide-open’ settings. Additionally, more than half (51%) are concerned about unauthorised mobile devices, access points and wearables. Corporate sponsored BYOD is also a source of concern (36%), as are personal 4G/LTE hotspots and broadband USB dongles (24%).
As part of this research initiative, Pwnie Labs, the research and development division at Pwnie Express, aggregated and analysed more than seven million wireless and wired devices detected by the SaaS-based Pwn Pulse platform to identify the following year-over-year trends when comparing 2014 and 2015 data:
“As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organisation’s most sensitive information - and this has understandably put information security professionals on edge,” says Paul Paget, Pwnie Express CEO.
“Yet, despite ever-growing concerns around the proliferation of connected devices on and around their networks, more than one-third of organisations admit to having no BYOD policy in place at all and only 24% actually have a budget in place for BYOD security technology.
“This tells us that security professionals desperately need help educating the corner office and those in charge of the purse strings about the new evils and dangers their organisations face in our ever-evolving IoT world," Paget says.