Pros See Attack on Critical Infrastructure Happening in the Next Five Years

64 Percent are More Concerned about Connected Device Threats with IoT at the Top of the List

Internet of Things Security Not Yet a Priority: Employers 2x More Likely To Have Security Policy for IT Devices than for IoT

Boston - According to a survey conducted by the Internet of Things (IoT) security company Pwnie Express, an overwhelming number of IT security professionals (85%) see a cyberattack on critical infrastructure happening in the next five years. Pwnie Express CEO Todd DeSisto says that figure is perhaps the scariest number the company has seen in the four years they have been conducting the “Internet of Evil Things” research.

IoT or internet of things devices are physical devices with internet connectivity such as smart meters, connected cars, connected medical devices, etc.

DeSisto says, “These devices pose additional layers of complexity and environmental exposure that traditional IT security measures are insufficient to handle. Our survey shows that security professionals are clearly anxious about this.”

There were other troubling findings from the more than 500 IT Security Pros who responded to Pwnie’s questions, including:

  • As compared to a year ago, 64 percent of respondents are more concerned about connected device threats, with IoT devices at the top of the list. Yet, slightly fewer are checking their wireless devices than last year. And one in three report their organizations are unprepared to detect connected device threats.

  • 60 percent of organizations suffered a malware attack in 2017; 1 in 3 experienced a ransomware attack.

  • Employee-owned devices (otherwise known as “BYOD”) are a concern for 80 percent of our respondents, yet fewer than 50 percent can monitor BYOD in real time.

  • Most organizations need to update their security policy to include IoT devices. Pwnie found two times the respondents had an IT security policy than an IoT policy. Furthermore, less than 50 percent of security professionals are involved in the purchasing approval process in three vulnerable categories – Building OT/IoT, Industrial IoT, and Consumer IoT.

The professionals provided more surprising revelations:

  • 49 percent are concerned about consumer IoT devices like smart watches, smart coffeemakers, and the like while only 23 percent can monitor for these types of devices.

  • 51 percent are concerned with malicious or purpose-built rogue devices, but only 24 percent can monitor for them in real time.

  • It seems counterintuitive, but small-to medium-sized organizations (SMOs) are more vigilant than larger enterprises. Just 49 percent of organizations with more than 1,000 employees know how many devices are connected to their networks as compared to 70 percent of SMOs.

“IoT has exponentially expanded the attack surface that organizations must identify, assess, and respond to,” DeSisto says. “Putting numbers on some of these issues will help CISOs clarify just how bad the security situation really is.”

To address the growing threat, Pwnie suggests the following:

  1. Recognize that poor cybersecurity threatens your organization’s brand. An overwhelming number of security pros said the biggest impact of cyberattack on their organization would be “negative brand perception.” More than a third of respondents said brand perception was their biggest fear, no other option got above 20 percent.

  2. Involve security professionals in purchasing decisions for all connected devices.

  3. Update security policy to include IoT devices.

To see the full report, go to: 2018 Internet Of Evil Things Report

About the Survey

Respondents were contacted via email between January 8 to February 27, 2018 and invited to the online survey hosted by SurveyMonkey. The respondents provided their emails to Pwnie Express and agreed to have them stored in the company’s database when they subscribed for Pwnie’s monthly newsletter. The survey link was sent directly from Pwnie Express. A link to the survey was also posted on Pwnie’s twitter page where potential respondents could share their answers.

About Pwnie Express

Pwnie Express closes the IoT security gap exposed by the deployment of IoT in the enterprise. By continuously identifying and assessing all devices and IoT systems, our security platform prevents IoT based threats from disrupting business operations. All without the need for agents, or changes to network infrastructure. To learn more about Pwnie Express visit www.pwnieexpress.com.