Add sheer visibility to the growing list of concerns surrounding the explosive growth of the Internet of Things (IoT).
Tripwire recently surveyed over 220 security professionals at this year’s Black Hat conference in Las Vegas. The security company discovered that apart from the slot machines and blackjack tables the city is famous for, organizations were also gambling with the safety of their corporate networks while IoT devices proliferate within their organizations.
When asked if their organizations accurately track the number of IoT devices on their networks, 52 percent of respondents said no. Only 34 percent said their businesses kept tabs on their IoT devices. Discouragingly, another 15 percent said they didn’t know if their organizations kept a precise count.
Considering the IoT’s rapid growth – IoT devices are expected to leave mobile phones in the dust by 2018 – Tripwire’s finding are alarming. Earlier this year, Chinese telecommunications equipment maker Huawei forecast that the IoT would grow to cover 100 billion devices by 2025, that more than 13 devices for every person currently alive (based on a world population estimate of over 7.3 billion people).
Most organizations are not prepared for the security risks IoT devices pose. Thirty-seven percent of those surveyed admitted that they weren’t ready, but would be soon. Another 27 percent said they simply weren’t equipped to deal with IoT security while 5 percent claimed they weren’t worried.
Most security professionals are concerned that their IoT-enabled electronics may be turned into a damaging botnet-like army. Seventy-eight percent of respondents were anxious about the possibility of their IoT devices being enlisted for a distributed denial of service (DDoS) attack.
DDoS attacks are a plague among many websites and online service providers. In January, HSBC’s online banking system in the UK was rendered unavailable for several hours. This week, popular online gaming company Blizzard Entertainment suffered a DDoS attack preventing some customers from logging in or affecting their gameplay experience.
“It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern,” Dwayne Melancon, chief technology officer and vice president of Research and Development at Tripwire, in a statement. “That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets. The large number of easily compromised devices will require a new approach if we are to secure our critical networks.”
Pedro Hernandez is a contributing editor at Datamation. Follow him on Twitter @ecoINSITE.