13% of SMBs have experienced an IoT-based attack

One in four companies have already experienced a ransomware attack and one in eight have dealt with an IoT-based attack, according to Arctic Wolf Networks.

As mid-market companies continue to embrace IoT without implementing the necessary security tools, these attacks and vulnerabilities will persist. Despite the lack of precautionary measures, organizations are well aware of the threat, with over 70 percent of respondents expressing concern about an IoT-based ransomware attack.

“The next chapter in the story will raise the stakes with possible attacks on medical devices, electric grids and transportation systems, which could cause the loss of life,” said Brian NeSmith, CEO of Arctic Wolf Networks. “Companies not spending millions of dollars on security will be at a severe disadvantage fending off criminals who are organized, well-funded and very sophisticated in their methods.”

SMBs struggle with security basics

According to the research, SMBs are woefully unprepared for new cyber threats and most still struggle with security basics:

• Nearly 70 percent of respondents state that they do not have a formal incident response plan.
• Most (80 percent) do not have products to protect against zero day threats and over half (62 percent) do not conduct log analysis.
• Almost half (45 percent) of participants claim they are likely to pay the ransom to get access to their data.

IoT security findings

Additional IoT security findings from the survey include:

• The most impacted industry so far is transportation, with 29 percent of companies indicating they have already experienced an IoT attack. Companies in the energy, construction and technology industries have also been ongoing targets.
• SMBs have embraced IoT devices with more than 80% indicating IoT functionality makes them more likely to purchase devices.
• The targets of greatest concern for attack are computer hardware and systems, followed by key locks, industrial control systems, and printers/scanners.
• Some of the main concerns cited include possessing sensitive information that would be of interest to hackers, lack of internal resources to fund security, and lack of knowledge among internal IT staff.