As risk and concern around connected Internet of Things (IoT) devices continues to grow, resources and visibility into such connected devices have stagnated despite the introduction of countless new entry points for malicious actors across the enterprise, according to Pwnie Express.
The survey of more than 400 global IT security professionals examines the growing phenomenon referred to as the Internet of Evil Things (IoET). As awareness of vulnerable devices grows in 2016, infosec professionals are not ready or equipped to address the growing threat.
Issues with connected devices
Today, 86 percent of infosec professionals are concerned with connected device threats. 67 percent are more worried about connected device threats than they were a year ago, with first-hand experience driving heightened concern: 55 percent have witnessed an attack via wireless device, and 38 percent have witnessed an attack via mobile device.
Due to the proliferation of wireless and mobile devices and the prevalence of BYOD, IT security pros seeking visibility find themselves swimming in increasingly murky water, as 37 percent can’t even tell how many devices are connected to their networks.
- Most security professionals are not ready to monitor or detect less-common RF and off-network IoT Devices.
- Eighty-nine percent cannot see Bluetooth devices, and 87 percent cannot monitor 4G/LTE devices in real time.
- Seventy-one percent cannot monitor off-network WiFi devices in real time.
- Fifty-six percent cannot monitor on-network IoT devices in real time.
71 percent is concerned with devices in a default, misconfigured, or vulnerable state, including devices with default passwords and wide-open settings. Additionally, 51 percent are concerned about unauthorized mobile devices, access points and wearables. Corporate sponsored BYOD is also a source of concern (36 percent), as are personal 4G/LTE hotspots and broadband USB dongles (24 percent).