Only half of cybersecurity professionals have a plan in place to deal with attacks on their IoT devices and equipment, despite that fact that nine out of ten express concerns over future threats, according to new research from the Neustar International Security Council (NISC).
These findings come at a time in which 48 percent of organisations admitted to experiencing a cyberattack against their IoT or connected devices and equipment in the last year alone. Just over a quarter reported feeling ‘very confident’ that their personnel would know how to protect against such attacks, while 38 percent claimed they are in the process of developing a plan.
NISC Chairman Rodney Joffe said: “With IoT devices and equipment now being such a fundamental part of business, organisations are continuing to connect more devices to their networks, resulting in an increased attack surface. This not only opens companies up to more attacks, it also gives bad actors new opportunities to breach security systems.
“In most cases, IoT devices have been built by third-party vendors, meaning that the companies using these IoT devices do not know about how they have been created or what security measures they have in the ace. “ IoT has essentially been built on top of infrastructure that is vulnerable, making every organisation a target. Recognising exactly what data need,s protecting is a key factor for developing an organised and cohesive security strategy. This way businesses can successfully focus on their more vulnerable data, processes and models – guarding valuable information from any and all IoT attacks moving forward. On a more granular level, businesses must ensure the appropriate controls are in place for threat vulnerability and patch management while also ensuring that important data is identified and encrypted,” Joffe said.
The latest NISC report also found threats are continuing to elevate across vectors. The International Cyber Benchmarks Index, which reflects the overall state of the cybersecurity landscape, has followed a steady upward trajectory since its inception, reaching a new record of 26.9 in September 2019.
The NISC survey asked security professionals to rank a list of cyberthreats from highest concern to lowest concern. System compromise was reported as the top concern by 22% of respondents, edging out distributed denial of service (DDoS) attacks (21%) and ransomware (20%).
Social engineering via email was most likely to be perceived as a growing threat (55 percent of respondents reported seeing an increase in July/August 2019), followed by DDoS attacks and ransomware (both 54 percent) and generalised phishing (53 percent).