New Report on IoT Security Underscores the Current Risk of Unsecured Devices and Equipment
SUNNYVALE, Calif., Feb. 14, 2024 (GLOBE NEWSWIRE) — Asimily, a leading Internet of Things (IoT) risk management platform, today announced the availability of a new report: IoT Device Security in 2024: The High Cost of Doing Nothing.
The comprehensive report—available for free download here—highlights emerging IoT device security trends and challenges.
Enterprises continue to embrace IoT strategies to streamline operations, boost efficiency, and improve customer experiences. From hospitals to manufacturers to public sector agencies, IoT device fleets are critical for meeting these modernization goals. However, the acceleration in connected device deployment opens new windows for cybercriminals and exposes networks to potential breaches. This report addresses the growing challenge of securing IoT devices and explores the consequences for businesses neglecting sufficient cyber resilience. It also provides valuable guidance for implementing a comprehensive approach to mitigating IoT-related cyberattack risks.
Among the key findings and analysis included in the new report:
- Breach tactics continue evolving: Cybercriminals seeking confidential proprietary data to sell for financial gain look for and infiltrate vulnerable and often-unsecured IoT devices to establish initial access to an enterprise’s network. That tactic supports ransomware attacks as well, with criminals gaining access via IoT endpoints, encrypting data, and extorting ransoms. In other cases, nation-state-sponsored groups are motivated to shut down or disrupt the services of their targets. A common tactic is harvesting vast fleets of vulnerable IoT devices to create botnets and utilize them to conduct DDoS attacks. Attackers also know they can rely on unresolved legacy vulnerabilities, as 34 of the 39 most-used IoT exploits have been present in devices for at least three years.
- Routers are the most targeted IoT devices, accounting for 75% of all IoT infections. Hackers exploit routers as a stepping stone to access other connected devices within a network. Security cameras and IP cameras are the second most targeted devices, making up 15% of all attacks. Other commonly targeted devices include digital signage, media players, digital video recorders, printers, and smart lighting. The report also highlights the especially consequential risks associated with specialized industry equipment—including devices critical to patient care in healthcare (including blood glucose monitors and pacemakers), real-time monitoring devices in manufacturing, and water quality sensors in municipalities.
- Cyber insurers are capping payouts. Cybersecurity insurance is becoming more expensive and difficult to obtain as cyberattacks become more common. More insurers are now requiring businesses to have strong IoT security and risk management in place to qualify for coverage—and increasingly denying or capping coverage for those that do not meet certain thresholds. Among the reasons why cyber insurers deny coverage, a lack of security protocols is the most common, at 43%. Not following compliance procedures accounts for 33% of coverage denials. Even if insured, though, reputational damage remains a risk: 80% of a business’s customers will defect if they do not believe their data is secure.
- Manufacturing is now the top target. Cybercriminals are increasingly focusing their attention on the manufacturing, finance, and energy industries. Retail, education, healthcare, and government organizations remain popular targets, while media and transportation have been de-emphasized over the past couple of years.
“Vulnerable IoT devices continue to be a glaring cybersecurity weak spot for many, many enterprises,” said Kenan Frager, VP of Marketing, Asimily. “In the rush to absorb all of the business benefits these devices deliver, sufficient security—and the impact that security has on the broader network—is too often left unchecked. Regardless of industry, an attack on IoT infrastructure can and will result in operational downtime, loss of IP, loss of revenue, and reputational harm. Regulatory compliance adds another layer of pressure, with steep fines and sanctions looming for breaches that affect HIPAA, PCI DSS, NIST, SOC 2, and other increasingly stringent mandates.”
“There’s a clear and urgent need for more businesses to prioritize a more thorough risk management strategy capable of handling the unique challenges of the IoT,” said Shankar Somasundaram, CEO, Asimily. “While organizations often struggle with the sheer volume of vulnerabilities in their IoT device fleets, crafting effective risk KPIs and deploying tools to gain visibility into device behavior empowers them to prioritize and apply targeted fixes. This approach, coupled with a deeper understanding of attacker behavior, enables teams to distinguish between immediate threats, manageable risks, and non-existent dangers. The right strategy equips organizations to focus efforts where they matter most, maximizing their resources while ensuring the security of their IoT ecosystem at scale.”
Download and read IoT Device Security in 2024: The High Cost of Doing Nothing here: https://asimily.com/iot-device-security-in-2024-the-high-cost-of-doing-nothing/
About Asimily
Asimily has built an industry-leading risk management platform that secures IoT devices for organizations in healthcare, manufacturing, higher education, government, life sciences, retail, and finance. With the most extensive knowledge base of IoT and security protocols, Asimily inventories and classifies every device across organizations, both connected and standalone. Because risk assessment—and threats—are not a static target, Asimily monitors organizations’ devices, detects anomalous behavior, and alerts operators to remediate any identified anomalies. With secure IoT devices and equipment, Asimily customers know their business-critical devices and data are safe. For more information on Asimily, visit https://www.asimily.com
Contact
Kyle Peterson
[email protected]
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/ddf218ec-a8a0-48b5-884b-ca35f842ac44
Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. TheTechOutlook.com takes no editorial responsibility for the same.