According to security researchers at Trustwave, businesses who have deployed IoT devices faced the security downsides, as IoT devices patching still lags.
As a report by Trustwave notes, 61% of businesses who have used some kind of connected technology have faced security incidents that were traced to IoT devices. On the other hand, less than half surveyed companies (49%) indicated that they have applied formal patching policies that should help to prevent future cyber attacks.
What is more, security experts also noted that since 2008, when the Hydra malware have targeted routers at the very first time, IoT devices also have faced increasing security threats. In addition, until the present time, these warnings have gone unheeded.
Despite the requests and calls for more advanced IoT security, even 24 % of surveyed companies noted that they have faced malicious infiltration through IoT devices. In addition, according to the research “IoT Cybersecurity Readiness Report”, of all the cyber attacks, IoT attacks are up by 9%.
According to Michel Chamberland, practice lead for Trustwave:
Most organizations are 10 to 20 years behind in their security practices when it comes to IoT, and they’re repeating the same security mistakes as they have in the past, including storing their credentials in plain text.
It is worth to mention that in most cased misconfigured IoT devices are still in its infancy. Researchers also noted that they will remain to check an increase in IoT-based cyberattacks, that include sabotage, malicious software, denial-of-service or other threat.
What is more, there was no shortage of vulnerabilities and threats revolving around IoT devices in 2017, which basically proves what M. Chamberland said.
Bluetooth vulnerabilities or BlueBorne was mentioned in September 2017 by security researchers. At the time, billions of connected Android and Apple devices, printers, smart TVs and other IoT devices that use the short-range wireless protocol were threatened by BlueBorne. These bugs potentially enabled cybercriminals to launch wireless attacks and take full control of infected IoT devices.
According to Trustwave, a part of the IoT security issue is that the sheer variety of devices, technologies and defensive solutions establishing a uniform approach to locking down IoT looks impossible.
Only 10 percent of those surveyed are ‘very’ confident that they can detect and protect against IoT-related security incidents, while 62 percent are only ‘somewhat’ or ‘not’ confident that they can do so.
In addition, the study also noted that even those businesses who do not apply any IoT devices are not available to keep their head in the sand because the consequences of vulnerable IoT outside of business use also include an increasing volume of DDoS attacks related to insecure IoT devices. For instance, the Mirai botnet harnessed approximately 360,00 insecure IoT devices to launch an unprecedented DDoS attack, in 2016.