The overwhelming majority (80.1 percent) of IT professionals worry about the potential for attacks originating through their Internet of Things (IoT) devices, according to a recent survey by Lieberman Software Corp. The survey also showed that most IT pros (63.1 percent) are not confident that their organizations can track and manage all the IoT devices on their networks.
It’s estimated that the Internet of Things now consists of more than 23 billion devices.1 That figure may reach 50 billion by 2020.2 This rapid growth in connectivity has likewise increased cyber security threats. In response to these threats the IoT security market is estimated to reach a valuation of $36.95 billion by 2021, according to Marketsandmarkets.com.
Last year’s DDOS attack on DNS provider Dyn, which took down Twitter, Pinterest, Netflix and other major web sites, has been referred to as a wake up call about the dangers of unsecured connected devices. The attack on Dyn was orchestrated using the Mirai botnet, which is largely made up of IoT devices. The attack also illustrated the dangers of unsecured default passwords on these devices.
The Lieberman Software survey queried respondents about changing default passwords on the IoT devices in the network. More than half (50.7 percent) admitted they do not have a process to change these passwords.
“The responses to this survey are a good representation of the emerging threat of unsecured IoT devices,” said Philip Lieberman, president and CEO of Lieberman Software. “Every one of these connected devices has an administrative back door that poses a risk. My advice to organizations is to assume that the credentials for their IoT devices are already compromised. And considering the vast number of devices in large enterprises, the only way to handle securing these credentials is through an automated security solution that can manage the scale.”