Survey: Less Than One-Third of Organizations Prepared for IoT Security Risks
PORTLAND, Ore. — August 25, 2016 — Tripwire, Inc., a leading global provider of endpoint detection and response, security and compliance solutions, today announced the results of a survey of over 220 information security professionals who attended Black Hat USA 2016. The conference took place July 30 - August 4, 2016, at the Mandalay Bay Convention Center in Las Vegas, Nevada.
When asked if their organizations are prepared for the security risks associated with Internet of Things (IoT) devices, less than one-third (thirty percent) of the respondents said, “yes.” In addition, only thirty-four percent of the respondents believe their organizations accurately track the number of IoT devices on their networks.
According to Cisco, the number of connected devices is projected to increase to over 50 billion by 2020. Despite their popularity, IoT devices present significant and unique security risks to consumers and businesses. For example, Arbor Networks recently reported that distributed denial of service (DDoS) attacks have grown both in size and frequency, due in part to the rising number of connected devices.
“The Internet of Things presents a clear weak spot for an increasing number of information security organizations,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks. By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced.”
Additional findings from the survey included:
- Seventy-eight percent of the respondents are concerned about the weaponization of IoT devices in the use of DDoS attacks.
- Nearly half (forty-seven percent) of the respondents expect the number of IoT devices on their networks to increase by at least thirty percent in 2017.
- Only eleven percent of the respondents consider DDoS attacks one of the top two security threats their organizations face.
“It wasn't so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber attacks and denial of service attacks,” said Dwayne Melancon, chief technology officer and vice president of research and development for Tripwire. “It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern. That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets. The large number of easily compromised devices will require a new approach if we are to secure our critical networks. Organizations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale.”
For more on Tripwire’s survey, please visit: http://www.tripwire.com/company/research/black-hat-2016-survey-iot-risks-and-cyber-war/.
Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter @TripwireInc.