It seems information security programs are not keeping up with the pace of evolving cyber-threats.
As more companies support Internet of Things (IoT) and bring-your-own-device (BYOD) programs, they become bigger targets to savvy cyber-criminals. This threat grows more serious when 66% of IT security professionals aren’t sure how many devices are even in their environment.
That’s according to “The Internet of Evil Things,” a report from Pwnie Express. The firm tapped more than 800 IT security professionals across financial services, hospitality, retail, manufacturing, professional services, technology, healthcare, energy and more, to understand the security risk that IoT is becoming for companies.
More than 90% of these IT security professionals reported that connected devices will be a major security issue this year, especially when many but don’t have the necessary solutions to address new threats, including IoT malware, like Mirai.
Last fall, Mirai was used to arm hundreds of thousands of webcams to attack the Internet infrastructure company Dyn. The undetected malware caused a near shutdown of the Internet for millions of Americans trying to get to their favorite websites.
Following the attack, 84% of those surveyed admitted that Mirai changed their perception about threats from IoT devices. Yet, over 65% said they either haven’t checked or don’t know how to check their connected devices for Mirai. This lack of insight gives determined attackers the potential to use vulnerable connected devices for nefarious large-scale purposes, and to compromise specific networks and companies, the report said.
But Mirai isn’t the only threat. One in five survey respondents (20%) said their IoT devices were hit with ransomware attacks last year, and 16% of respondents said they experienced “Man-in-the-Middle” attacks through IoT devices. In these instances, hackers secretly relay and possibly alter the communication between two parties who believe they are directly communicating with each other.
“Mirai demonstrated what the right malware could do if unleashed onto poorly configured or inadequately secured devices,” said Paul Paget, Pwnie Express CEO. “When you consider the exploding number of con-nected devices, many with poorly configured or no security, and the fact that security teams can’t see these devices, it becomes clear that security programs need to shift spending to adapt more quickly.”