It’s estimated that the Internet of Things (IoT) now consists of more than 23 billion devices. And that figure may top 50 billion by 2020. This rapid growth in connectivity has likewise increased cyber security threats.
For example, consider last year’s DDOS attack on DNS provider Dyn – which took down Twitter, Pinterest, Netflix and other major web sites. It has been referred to as a wake-up call about the dangers of unsecured connected devices. The attack was orchestrated using the Mirai botnet, which is largely made up of IoT devices.
In response to these emerging threats, the IoT security market is estimated to reach a valuation of $36.95 billion by 2021, according to Marketsandmarkets.com. There are no shortages of predictions about the damage that unsecured IoT devices might wreak. They range from the catastrophic destruction of the critical national infrastructure to mere nuisance DDoS attacks.
So how much of the perceived IoT threat is valid and how much is hype? To find out, we surveyed the people who know best – some of the more than 43,000 IT security professionals attending RSA Conference 2017.
The IoT survey results showed that most IT pros (63.1%) are not confident that their organizations can track and manage all the IoT devices on their networks. And of those who are confident, 48.8% estimated that they only manage 1 – 50 IoT devices. By comparison, among those who said there are at least 5,000 IoT devices on their networks only 17.1% think they can track and manage all of their IoT devices.
Securing the Backdoor into IoT Devices
We provide products that secure the privileged credentials in cross-platform enterprises. That’s why we wanted to ask respondents about the security of the default passwords on their IoT devices. Many IoT devices come pre-configured with default passwords that are publicly known. And if these passwords aren’t changed, they’re an easy access point for a hacker.
So the survey queried respondents about changing default passwords on the IoT devices. More than half (50.7%) admitted they do not have a process to change these passwords.
Philip Lieberman, our President and CEO, said: “Every one of these connected devices has an administrative back door that poses a risk. My advice to organizations is to assume that the credentials for their IoT devices are already compromised. And considering the vast number of devices in large enterprises, the only way to handle securing these credentials is through an automated security solution that can manage the scale.”
All of these factors seem encapsulated in this statistic – the overwhelming majority (80.1%) of respondents worry about the potential for attacks originating through their IoT devices.
You can read the survey details at http://go.liebsoft.com/IoT-Security-Survey.