Internet of Things Security Policies Still Lagging, Report Finds

Internet of things (IoT) security has been a growing concern in recent years, with vulnerabilities continuing to be reported and hackers continuing to launch attacks. IoT security vendor Pwnie Express released its 2018 Internet of Evil Things report on May 16, providing insight from a total of 708 cyber-security professionals around the world. Among the high-level findings in the report is that 85 percent of respondents hold the view that a major attack on critical infrastructure is likely within the next four years. While organizations are aware of IoT risks, the study found that only 23 percent of organizations actually monitor their networks for IoT device threats and barely one-quarter have an IoT security policy. In this slide show, eWEEK looks at some of the highlights of the 2018 Internet of Evil Things report.

When asked about the likelihood of a major cyber-attack on critical infrastructure, 85 percent of respondents said they expect one inside of the next five years.

Fifty-nine percent of respondents reported that their organization was attacked with malware in the past year.

Pwnie Express found that in 2018, respondents on average were checking their wireless devices for malicious infections less frequently than they did in 2017.

There are multiple effects that a cyber-attack can have on an organization. The Pwnie Express study found that negative brand perception, damaging an organization’s reputation, is a primary impact.

While 75 percent of respondents said they have some form of security policies in place for IT devices, when it comes to IoT devices the numbers are much smaller. For industrial IoT, only 29 percent said they have a policy; for consumer IoT, the number was even lower at only 27 percent.

When asked who is most responsible for connected device security, 61 percent said IT security and only 13 percent said the device manufacturer.

Although most respondents said IT security is most responsible for IoT security, 39 percent agreed with the notion that the government should regulate security standards for IoT devices.