Most organisations unprepared for IoT security risks, according to survey


A new survey has revealed that fewer than one-third of companies (30 per cent) are prepared for the security risks associated with the Internet of Things (IoT).

Conducted at the Black Hat computing conference by security firm Tripwire, the survey also revealed that just 34 per cent of the respondents believe their organisations accurately track the number of IoT devices on their networks.

A total of five per cent of survey respondents said they are not concerned about IoT risks, although 89 per cent said they expect the number of IoT devices on their networks to increase in 2017.

IoT devices can present significant and unique security risks to consumers and businesses. For example, Arbor Networks recently reported that distributed denial of service (DDoS) attacks have grown in size as well as frequency, partly due to the rising number of connected devices.

Tim Erlin, director of IT security and risk strategy for Tripwire, said: “The Internet of Things presents a clear weak spot for an increasing number of information security organisations. As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks.”

He added: “By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced.”

The survey also found that 78 per cent of respondents are concerned about the weaponisation of IoT devices for use in DDoS attacks, whilst nearly half (47 per cent) expect the number of IoT devices on their networks to increase by at least 30 per cent in 2017.

Just 11 per cent of those surveyed said they consider DDoS attacks one of the top two security threats their organisations face.

Speaking about the increase in IoT devices being added to firms’ networks, Dwayne Melancon, Tripwire chief technology officer and vice president of research and development, said: “Organisations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale.”