Organisations vulnerable to IoT-based attacks

New data from Extreme Networks reveals that IoT is barreling toward the enterprise, but organisations remain highly vulnerable to IoT-based attacks.

  • Wednesday, 19th February 2020 Posted 4 years ago in by Phil Alsop
The report, which surveyed 540 IT professionals across industries in North America, Europe, and Asia Pacific, found that 84% of organisations have IoT devices on their corporate networks. Of those organisations, 70% are aware of successful or attempted hacks, yet more than half do not use security measures beyond default passwords. The results underscore the vulnerabilities that emerge from a fast-expanding attack surface and enterprises’ uncertainty in how to best defend themselves against breaches.

 

Key findings include:

        Organisations lack confidence in their network security: 9 out of 10 IT professionals are not confident that their network is secured against attacks or breaches. Financial services IT professionals are the most concerned about security, with 89% saying they are not confident their networks are secured against breaches. This is followed by the healthcare industry (88% not confident), then professional services (86% not confident). Education and government are the least concerned of any sector about their network being a target for attack.

        Enterprises underestimate insider threats: 55% of IT professionals believe the main risk of breaches comes mostly from outside the organisation and over 70% believe they have complete visibility into the devices on the network. But according to Verizon’s 2019 Data Breach Investigations Report, insider and privilege misuse was the top security incident pattern of 2019, and among the top three causes of breaches. 

        Europe’s IoT adoption catches up to North America: 83% of organisations in EMEA are now deploying IoT, compared to 85% in North America, which was an early adopter. Greater IoT adoption across geographies is quickly expanding the attack surface.

        Skills shortage and implementation complexity cause NAC deployments to fail: NAC is critical to protect networks from vulnerable IoT devices, yet a third of all NAC deployment projects fail. The top reasons for unsuccessful NAC implementations are a lack of qualified IT personnel (37%), too much maintenance cost/effort (29%), and implementation complexity (19%).

        SaaS-based networking adoption grows: 72% of IT professionals want network access to be controlled from the cloud. This validates 650 Group’s prediction that more than half of enterprise network systems will transition to SaaS-based networking by the end of 2023.

 

Extreme provides the multi-layered security capabilities that modern enterprises demand, from the wireless and IoT edge to the data centre, including role-based access control, network segmentation and isolation, application telemetry, real-time monitoring of IoT, and compliance automation. As the mass migration of business systems to the cloud continues, cloud security becomes ever more important. Extreme’s security solutions extend in lockstep with the expanding network perimeter to harden enterprises’ environments both on-premises and in the cloud.