A video by Cyber threat detection company Pwnie Express shows that hackers can launch a Cyberattack at almost any location be it Public places like streets, trains, or in a company’s office without letting the victims know that their devices are being hacked.
Pwnie Express 2017 Internet of Evil Things Report on wired, wireless, Bluetooth, IoT, and BYOD challenges faced by IT security shows that after the deadly Mirai attack in 2016, 84% of the infosec community is now aware of the vulnerabilities and risks possessed by the connected devices.
Detected first in August 2016, Mirai botnet is a distinguished threat to the IoT security and has laid out some of the largest and most disruptive distributed denial of service (DDoS) attacks. Notable attacks include 20 September 2016 breach on computer security journalist Brian Krebs’s web site, an attack on French web host OVH, and cyberattack on DNS service provider Dyn.
Read: Dangers of free WiFi.
Key findings of 2017 Internet of Evil Things Report
Awareness is not leading to Actions
Most infosec professionals are aware of the attacks like Mirai with 92% agreeing that connected device threats will be a major security issue in 2017. However, they have not taken actions and investments that will mitigate risk; 66% of respondents said they either haven’t checked or don’t know how to check their devices for Mirai. The same percentage of people, don’t know or aren’t sure how many connected devices their colleagues bring into work.
Just 23% of all who were surveyed said that they monitor connected devices coming into their offices. They also checked those devices for malicious infections in the last year.
Security infrastructure is still missing
The challenges to provide IT security has only grown with the rise of connected devices brought into the workplace. This not just includes employees but also outsiders, like business partners, vendors, maintenance professionals and visitors to the workplace.
The report mentions that IT security teams said they don’t have the necessary tools to detect the risk of employee devices brought to the workplace. 41% of companies have no bring your own device (BYOD) policy while nearly 1-in-3 of respondents who have a BYOD policy have no way of enforcing it.
Budget allocation to IoT Security remains poor
Although the number of respondents that have a budget or plan to have a budget for IoT security is up by 11%, the figure itself is very low when compared with other categories and are much lower than the fear IT security professionals shared about IoT security.
“Professionals acknowledged there are huge holes in their companies’ defenses, while InfoSec teams do not yet have the resources to address the problems”, quoted the report.
Newsmakers for 2017
As per the report, 2017 will see device-driven breaches. With large attacks like Mirai out in open, attackers are likely to target vulnerable connected devices for nefarious large-scale purposes. The next step is using those same devices to compromise specific networks.
In addition to attacks compromising our data security and efficiency, 2017 will be the year that physical security will start to be threatened by IoT.