The attack surface becomes larger. Whether in companies or in private households, the Internet of Things (IoT) has become an integral part of everyday life. The number of connected devices is increasing continuously and the Covid 19 pandemic has increased the pace significantly. Especially mobile work, homeand the associated increased use of private notebooks, tablets and smartphones has made the IoT practically ubiquitous. Along with the convenience, risks have also arisen due to insufficiently secured connections and numerous new gateways for criminals.
In order to get a precise picture of the IoT security situation in companies, Palo Alto Networks surveyed around 1,900 companies worldwide. In Germany, 200 companies with over 1,000 employees from various industries took part in the study.
“84 percent of companies in Germany have seen an increase in problematic IoT security incidents since the beginning of the pandemic, and every third company is not even sure that it has a complete insight into what is going on in its network. Nine out of ten respondents are concerned with improving their IoT security. At the same time, however, 9 percent have not yet thought about it, ”reports Sergej Epp, Chief Security Office for Central Europe at Palo Alto Networks.
“The countless IoT applications and the large number of devices that can be networked via the Internet have become an integral part of companies and private households. In the past year, 80 percent of companies saw an increase in IoT devices. It is therefore imperative that companies and their employees act carefully here and take the necessary safety precautions. “
In some cases there is a lot of catching up to do
After all, more than half of the organizations surveyed have segmented their own network in order to separate IoT devices and their apps from other applications that are critical for the company. A full 15 percent even use microsegmentation to shield IoT devices in secure zones of the network. However, almost all companies still see a need to catch up in their own precautions in terms of IoT security: 35 percent see a lot of catching up to do and 23 percent are of the opinion that they should completely overhaul their IoT security.
The companies surveyed not only confirm a “perceived” increase in risk due to increased use of the IoT, they also report very specific experiences: 84 percent state that the number of security incidents related to the IoT has actually increased. Internationally, 78 percent of those surveyed had the same experience.
Mixing of private and professional
Internationally, almost eight out of ten respondents report that in the past year they have observed an increase in private IoT end devices that have been connected to company IT. In Germany the rate is at least 65 percent.
“On the one hand, most companies seem to be fundamentally aware of the problem, and on the other hand, almost 80 percent are of the opinion that they have a sufficient overview of how their mobile employees connect IoT devices to the company network,” reports Epp. “I would like to at least express some doubts as to whether the insight and overview is really sufficient in so many cases.”
IIoT and DDos are a cause of concern, protective measures are required, pets as break-ins helpers
The security incidents surveyed are of particular concern if they:
- with the Industrial Internet of Things (IIoT) (49%)
- Distributed Denial of Service DDoS attacks (45%)
- or medical devices (35%).
In order to curb the risk as best as possible, the companies mainly rely on:
- preventive hazard defense (51%)
- well-founded risk analyzes (50%)
- and IoT-specific security know-how of your IT teams.
“It is good and important to see that many companies use several approaches to minimize the IoT security risk. The fundamentally improved awareness of the problem makes me confident. Nevertheless, I would like to strongly advise the IT managers to pursue a zero trust concept across the entire company, which can significantly reduce the dangers and risks, ”explains Epp. “In addition, it is more important than ever to neglect basic cyber hygiene. This includes regular patches and security updates, secure authentication procedures and, last but not least, a healthy dose of caution, especially when previously unknown applications and devices are connected to a network. “
Notably, 35% of companies on their networks reported connections to networked food bowls and cameras used to keep an eye on pets. At least 34 percent discovered smart home elements such as smart lamps and switchable power plugs in their IT systems. Private surveillance cameras (32%) and portable medical devices (29%) such as fitness trackers, diabetes measuring devices and similar things can often be found in the networks of German companies.