IoT attacks on rise as hackers acquire new remote targets 

As businesses went and stayed remote, the challenge of securing IoT and end-points has escalated.
7 October 2020

Crosshairs. Source: Shutterstock

  • Nearly three-quarters of businesses experienced an increase in endpoint IoT security incidents last year

The ongoing global pandemic that has led to massive levels of remote work and increased use of hybrid IT systems is leading to greater insecurity and risk exposure for enterprises. 

According to new data released by Cybersecurity Insiders, 72% of organizations experienced an increase in endpoint and IoT security incidents in the last year, while 56% anticipate their organization will likely be compromised due to an endpoint or IoT-originated attack within the next 12 months.   

The 2020 Endpoint and IoT Zero Trust Security Report examined key issues, considerations, initiatives, and investments that enterprises are advancing for more robust Zero Trust endpoint and IoT security. The survey of 325 IT and cybersecurity decision-makers in the US represented a cross-section of organizations from financial services, healthcare and technology to government and energy.

Alongside that headline figure, the most pressing issues were related to malware (78%), insecure network and remote access (61%), and compromised credentials (58%). 

More than 43% said their means to discover, identify, and respond to unknown, unmanaged, and insecure devices accessing network and cloud resources was “moderate to unlikely”. 

“It is clear from this new research that the challenge of securing IoT and end-points has escalated considerably as employees have been forced to work remotely while organisations try to rapidly adapt to the situation,” said Scott Gordon, chief marketing officer at Pulse Secure. 

“The threat is real and growing,” he said. 

However, the study did show that organizations are investing further into security initiatives, including zero trust elements such as remote access device posture checking and network access control (NAC), Gordon added. 

The research found that 41% will implement or advance on-premise device security enforcement (NAC), 35% will advance their remote access devices posture checking, and 22% will advance their IoT device identification and monitoring capabilities.

For those that had been victim of an endpoint or IoT security issue, the most significant negative impact was a reported loss of user (55%) and IT (45%) productivity, followed by system downtime (42%). 

“The diversity of users, devices, networks, and threats continue to grow as enterprises take advantage of greater workforce mobility, workplace flexibility, and cloud computing opportunities,” said Holger Schulze, CEO, and Founder of Cybersecurity Insiders.

“Not only do organizations need to ensure endpoints are secure and adhering to usage policy, but they must also manage appropriate IoT device access. New Zero Trust security controls can fortify dynamic device discovery, verification, tracking, remediation, and access enforcement.”