sb-as logo
Story image

Information security professionals may not be prepared for IoT after all

Risk and concern surrounding the Internet of Things (IoT) continues to grow, while related security resources and visibility into connected devices stagnates, according to new research sponsored by Pwnie Express, the wireless threat detection solutions provider.

As a result, even with awareness of vulnerable devices at an all time high, information security professionals are not ready or equipped to address the growing threat of the IoT, the research suggests.

According to the report, today, 86% of information security professionals are concerned about connected device threats, with 50% either ‘very’ or ‘extremely concerned’.

Furthermore, the majority (67%) are more worried about connected device threats than they were a year ago, with first- hand experience driving heightened concern - 55% have witnessed an attack via wireless device, and 38% have witnessed an attack via mobile device.

Due to the proliferation of wireless and mobile devices and the prevalence of BYOD and BYOx environments, IT security professionals are lacking visibility, as 37% can’t even tell how many devices are connected to their networks. Additionally, 40% note their organisation is ‘unprepared’ or ‘not prepared at all’ to find connected device threats.

On top of this:

  • Most security professionals are not ready to monitor or detect less-common RF and off-network IoT devices.
  • 89% cannot see Bluetooth devices, and 87% cannot monitor 4G/LTE devices in real time.
  • 71% cannot monitor off-network WiFi devices in real time.
  • 56% cannot monitor on-network IoT devices in real time.

Subsequently, the vast majority (71%) is concerned with devices in a default, misconfigured, or vulnerable state, including devices with default passwords and ‘wide-open’ settings. Additionally, more than half (51%) are concerned about unauthorised mobile devices, access points and wearables. Corporate sponsored BYOD is also a source of concern (36%), as are personal 4G/LTE hotspots and broadband USB dongles (24%).

As part of this research initiative, Pwnie Labs, the research and development division at Pwnie Express, aggregated and analysed more than seven million wireless and wired devices detected by the SaaS-based Pwn Pulse platform to identify the following year-over-year trends when comparing 2014 and 2015 data:

  • Coolpad devices, at 30%, have overtaken Samsung as maker of devices accounting for the most prevalent vulnerable mobile hotspots.
  • HP Print, at 56%, has overtaken Xfinitywifi as the most common default open wireless network.
  • HP printers are the most prevalent wireless devices deployed in a highly vulnerable default configuration at 56%; while exposing confidential print jobs and compromising corporate client devices, these printers can be also used as a backdoor into private corporate networks.
  • Wireless Access Points (APs) remain vulnerable: 35% of APs within the last six to 12 month show weak or no encryption.

“As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organisation’s most sensitive information - and this has understandably put information security professionals on edge,” says Paul Paget, Pwnie Express CEO.

“Yet, despite ever-growing concerns around the proliferation of connected devices on and around their networks, more than one-third of organisations admit to having no BYOD policy in place at all and only 24% actually have a budget in place for BYOD security technology.

“This tells us that security professionals desperately need help educating the corner office and those in charge of the purse strings about the new evils and dangers their organisations face in our ever-evolving IoT world," Paget says.

Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
McAfee finds vulnerabilities in 'temi' the videoconferencing robot
Temi is commonly used in environments including businesses, healthcare, retail, hospitality, and other environments including the home.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
Acronis announces new security endpoint solution
The solution is an integration of data protection and cybersecurity which provides customers with effective endpoint protection in a landscape where the pointlessness of perimeter security is becoming more pronounced.More