According to a study from HP, 70 percent of IoT devices are currently vulnerable to an attack. While both manufacturers and their customers are certainly working to reduce that, a significant number of IoT devices will still be unprotected in 2017. Additionally, Gartner predicts over 20 billion IoT devices by 2020. Let’s say that in the next three years the number of secure IoT devices doubles, which means that only 40 percent will be insecure. According to Gartner’s estimate, that means a total of 8 billion devices by then that are free to be enlisted in a hacker’s arsenal, a number roughly equivalent to the population of the Earth. That security risk is beyond anything we’ve currently seen in the realm of cybersecurity.
The risk isn’t necessarily coming from the sophistication of attacks but from the poor security practices of IoT users. Bad practices, such as using the default usernames and passwords that are supposed to be used only for setup and then changed, are making it easy for attackers to take those devices and use them in botnets. Companies aren’t doing much to stop this or other potential sources of breaches. A study showed over 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, and a stunning 98 percent of the most vulnerable executives have little confidence that their firms constantly monitor devices and users on their systems. It’s clear that most C-Suite executives don’t give cybersecurity enough consideration.
Even more chilling news came from a report back in April, which ranked the U.S. government (including federal, state and local agencies) as having the worst cybersecurity protocols compared to 17 major private industries, including transportation, retail and health care. As these agencies face pressure to virtualize, move to the cloud and embrace connected devices, this lack of security will leave them greatly exposed. I believe that as a result of these vulnerabilities, there is a 50/50 chance that a significant cyber warfare attack is instrumented against the U.S. government, the U.S. military, U.S. critical infrastructure or the U.S. banking infrastructure. This organization will be ill-prepared and vulnerable; it is also likely that the attack won’t originate on IoT devices owned by the government but instead will come from the outside.