Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
11/1/2019
04:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Fewer than half of cybersecurity professionals have a plan in place to deal with IoT attacks, despite the fact that ninety percent worry about future threats

New study from Neustar finds that 48% of organizations reported experiencing an attack on connected devices in the last year alone

STERLING, Va. – Oct. 31, 2019 – Fewer than half (47%) of cybersecurity professionals have a plan in place to deal with attacks on their IoT devices and equipment, despite that fact that nine out of ten express concerns over future threats, according to new research from the Neustar International Security Council (NISC).

These findings come at a time in which 48% of organizations admitted to experiencing a cyberattack against their IoT or connected devices and equipment in the last year alone. Just over a quarter (27%) reported feeling ‘very confident’ that their personnel would know how to protect against such attacks, while 38% claimed they are currently in the process of developing a plan.

“With IoT devices and equipment now being such a fundamental part of business, organizations are continuing to connect more devices to their networks, resulting in an increased attack surface. This not only opens businesses up to more attacks, it also gives malicious actors new opportunities to breach security systems,” said Rodney Joffe, Chairman of NISC and, Security CTO at Neustar. “In most cases, IoT devices have been built by third party vendors, meaning that the companies using these IoT devices do not have the knowledge of how they have been created or what security measures they have in place.”

“It’s crucial, therefore, to understand that the IoT has essentially been built on top of infrastructure that is vulnerable, making every organization a target. Recognising exactly what data needs protecting is a key factor for developing an organized and cohesive security strategy. This way businesses can successfully focus on their more vulnerable data, processes and models – guarding valuable information from any and all IoT attacks moving forward. On a more granular level, businesses must ensure the appropriate controls are in place for threat vulnerability and patch management while also ensuring that important data is identified and encrypted,” added Joffe. 

The latest NISC report also found threats are continuing to elevate across vectors. The International Cyber Benchmarks Index, which reflects the overall state of the cybersecurity landscape, has followed a steady upward trajectory since its inception, reaching a new record of 26.9 in September 2019.

The NISC survey asked security professionals to rank a list of cyberthreats from highest concern to lowest concern. System compromise was reported as the top concern by 22% of respondents, edging out distributed denial of service (DDoS) attacks (21%) and ransomware (20%).

Social engineering via email was most likely to be perceived as a growing threat (55% of respondents reported seeing an increase in July/August 2019), followed by DDoS attacks and ransomware (both 54%) and generalized phishing (53%).

Methodology

The International Cyber Benchmarks Index is based on a bimonthly online survey of security professionals, conducted by Harris Interactive on behalf of NISC. Participants in the September 2019 survey comprise 303 professionals from across five European markets and the United States. All are in senior positions within their organizations and are able to provide informed opinions about cybersecurity issues, including how these are impacting their enterprise and the wider business community.

The International Cyber Benchmarks Index figure is calculated using five of the survey questions that are repeated in every survey and tracked over time. An initial figure is taken from the percentage of enterprises that say notable recent cyber events have directly affected the way they protect their business. This figure is multiplied by the average “net increase” percentages from across three separate questions, reflecting (1) the change in the level of threat, (2) the change in the level of attack and (3) the change in the threat landscape. This figure is then multiplied by the percentage of enterprises that have ever been on the receiving end of a DDoS attack. The maximum (theoretical) potential index score is 100.

About the Neustar International Security Council

The Neustar International Security Council is an elite group of select cybersecurity leaders across key industries and companies. Through face-to-face events including an annual summit, quarterly thought-leadership seminars and regional roundtables, members learn and share the latest trends from leading experts and peers. For more information: https://www.nisc.neustar/.

 

About Neustar, Inc. 

Neustar is an information services and technology company and a leader in identity resolution providing the data and technology that enables trusted connections between companies and people at the moments that matter most. Neustar offers industry-leading solutions in marketing, risk, communications, security and registry that responsibly connect data on people, devices and locations, continuously corroborated through billions of transactions. Neustar serves more than 8,000 clients worldwide, including 60 of the Fortune 100. Learn how your company can benefit from the power of trusted connections here: https://www.home.neustar.

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.