Survey: IoT Overtakes Mobile as Security Threat

• By Rhea Kelly
• 06/05/17

This year, the Internet of Things (IoT) surpassed mobile as a potential avenue of cyber attack, according to a report from ISACA, a nonprofit association focused on knowledge and practices for information systems. The 2017 State of Cyber Security Study surveyed IT security leaders around the globe on security issues, the emerging threat landscape, workforce challenges and more.

According to the study, 97 percent of responding organizations have seen IoT usage rise over the last year, making it a primary focus for cyber defenses. "As IoT becomes more prevalent in organizations, cyber security professionals need to ensure protocols are in place to safeguard new threat entry points," an ISACA statement advised.

Other findings include:

• 53 percent of survey respondents reported a year-over-year increase in cyber attacks;
• 62 percent experienced ransomware in 2016, but only 53 percent have a formal process in place to address a ransomware attack;
• 78 percent reported malicious attacks aimed at impairing an organization's operations or user data;
• Only 31 percent said they routinely test their security controls, while 13 percent never test them; and
• 16 percent do not have an incident response plan.

"There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner," said Christos Dimitriadis, ISACA board chair and group head of information security at gambling systems company Intralot, in a statement. "Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared."

The survey also examined the roadblocks that security professionals face, such as a lack of resources and staff. Some of the findings in that area:

• 65 percent of organizations now employ a chief information security officers, up from 50 percent in 2016, yet still struggle to fill open cyber security positions;
• 48 percent of respondents don't feel comfortable with their staff's ability to address complex cyber security issues;
• More than half say cyber security professionals "lack an ability to understand the business";
• One in four organizations allot less than $1,000 per cyber security team member for training; and
• About half of the organizations surveyed will see an increase in their cyber security budget, down from 61 percent in 2016.

"The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign," said Dimitriadis. "But that's not a cure-all. With the number of malicious attacks increasing, organizations can't afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their team's ability to address complex issues, we know there is more that must be done to address the urgent cyber security challenges faced by all enterprises."

The full report can be found at the ISACA site (registration required).