One quarter of companies have already experienced a ransomware attack and one in eight have dealt with an Internet of Things (IoT)-based attack, according to new research.
As mid-market companies continue to embrace IoT without implementing the necessary security tools, these attacks and vulnerabilities will persist, according to the research by Arctic Wolf Networks. Despite the lack of precautionary measures, organizations remain aware of the threat, with over 70 percent of respondents expressing concern about an IoT-based ransomware attack.
“The next chapter in the story will raise the stakes with possible attacks on medical devices, electric grids and transportation systems, which could cause the loss of life,” said Brian NeSmith, chief executive of Arctic Wolf Networks. “Companies not spending millions of dollars on security will be at a severe disadvantage fending off criminals who are organized, well-funded and very sophisticated in their methods.”
SMBs are unprepared for new cyber threats, the research found. On top of that most of the firms struggle with basics:
• Nearly 70 percent of respondents said they do not have a formal incident response plan.
• 80 percent do not have products to protect against zero day threats and 62 percent do not conduct log analysis.
• 45 percent said they are likely to pay the ransom to get access to their data.
The study surveyed 300 individuals responsible for the IT or security functions inside their company. The respondents worked at companies with between 200 to 3,000 employees, with 93 percent of the respondents at the director level or higher with budgetary authority or direct organizational authority for security.
Additional IoT security findings from the survey include:
• Transportation so far was the largest industry suffering from IoT attacks with 29 percent of companies responding in the affirmative. Companies in the energy, construction and technology industries have also been targets.
• SMBs have embraced IoT devices with more than 80 percent indicating IoT functionality makes them more likely to purchase devices.
• The targets of greatest concern for attack are computer hardware and systems, followed by key locks, industrial control systems, and printers/scanners.
Some of the main concerns cited include possessing sensitive information that would be of interest to hackers, lack of internal resources to fund security, and lack of knowledge among internal IT staff.
Click here to download the report.