Security executives fear cyberattacks will heavily target critical infrastructures in the near future, but they don’t seem to be doing much about enforcing security policies that also cover IoT devices. Despite the major threat they pose, connected devices have so far been overlooked in security policies. It appears that in general, in spite of the increasing awareness of high-profile cyberattacks and threats, enterprises tend to look the other way rather than invest properly in a cybersecurity strategy.
2018 appears to be the worst year in terms of corporate security, according to current research rom the Pwnie Express. In interviews with more than 500 security executives, IoT security has proven a major common concern as enterprises understand the growing risks of the threat landscape. However, if hit by a cyberattack, companies would mostly worry about the negative publicity their brand would receive.
One in three security professionals worry their businesses are not yet prepared to detect and contain IoT threats, while almost half fear the threats posed by consumer IoT devices because less can actually monitor them.
As many as 85 percent of security executives worry their countries will go through a crucial infrastructure attack in the next five years. However, although they believe IoT security is among their responsibilities, security professionals say they are rarely consulted when device purchasing decisions are made.
More than half of organizations dealt with malicious attacks in 2017. Contrary to expectations, small to medium-sized companies are more observant regarding employee practices and more security-aware than larger businesses. 80 percent of executives named the BYOD trend a key concern because it is very difficult to keep track of activity. According to the report, larger companies are not even aware of the number of devices connected to their infrastructure, while SMOs are more aware of the actual number of entry points created into their network.
The number of attacks has gone up so far in 2018, as new classes of threats and more sophisticated attacks have been detected compared with previous years. The attack on Schneider Electric proved how cybercriminals “might cause physical damage to a plant, or even kill people by sabotaging safety systems before attacking industrial plants,” Reuters is quoted as saying in the report.
The report indicates malware (59 percent) and ransomware (32 percent) were not the only threats businesses dealt with in 2018. One-third of security executives said they struggled with DDoS attacks caused by IoT botnets. In addition, over 22 percent detected attacks on wireless communications of access points. For the rest of the year and 2019, the attack surface will probably increase and more devastating attacks will take place on critical sectors such as healthcare, public health and energy, which have so far done a poor job in network security.