A successful cyber attack on critical infrastructure will happen within the next five years says survey of IT security pros
- Published: Thursday, 17 May 2018 07:38
According to a survey conducted by the Internet of Things (IoT) security company Pwnie Express, an overwhelming number of IT security professionals (85 percent) see a cyber attack on critical infrastructure happening in the next five years. Pwnie Express CEO Todd DeSisto says that figure is perhaps the scariest number the company has seen in the four years they have been conducting the ‘Internet of Evil Things’ research.
There were other troubling findings from the more than 500 IT security professionals who responded to Pwnie's survey, including:
- As compared to a year ago, 64 percent of respondents are more concerned about connected device threats, with IoT devices at the top of the list. Yet, slightly fewer are checking their wireless devices than last year. And one in three report their organizations are unprepared to detect connected device threats.
- 60 percent of organizations suffered a malware attack in 2017; 1 in 3 experienced a ransomware attack.
- Employee-owned devices (otherwise known as BYOD) are a concern for 80 percent of respondents, yet fewer than 50 percent can monitor BYOD in real time.
- Most organizations need to update their security policy to include IoT devices. Pwnie found two times the respondents had an IT security policy than an IoT policy. Furthermore, less than 50 percent of security professionals are involved in the purchasing approval process in three vulnerable categories – building OT/IoT, industrial IoT, and consumer IoT.
- 49 percent are concerned about consumer IoT devices like smart watches, smart coffeemakers, and the like; while only 23 percent can monitor for these types of devices.
- 51 percent are concerned with malicious or purpose-built rogue devices, but only 24 percent can monitor for them in real time.
- It seems counterintuitive, but small-to medium-sized organizations are more vigilant than larger enterprises. Just 49 percent of organizations with more than 1,000 employees know how many devices are connected to their networks as compared to 70 percent of small-to medium-sized organizations.
Obtain the full report (PDF).