Survey: IoT Overtakes Mobile as Security Threat

This year, the Internet of Things (IoT) surpassed mobile as a potential avenue of cyber attack, according to a report from ISACA, a nonprofit association focused on knowledge and practices for information systems. The 2017 State of Cyber Security Study surveyed IT security leaders around the globe on security issues, the emerging threat landscape, workforce challenges and more.

According to the study, 97 percent of responding organizations have seen IoT usage rise over the last year, making it a primary focus for cyber defenses. "As IoT becomes more prevalent in organizations, cyber security professionals need to ensure protocols are in place to safeguard new threat entry points," an ISACA statement advised.

Other findings include:

  • 53 percent of survey respondents reported a year-over-year increase in cyber attacks;
  • 62 percent experienced ransomware in 2016, but only 53 percent have a formal process in place to address a ransomware attack;
  • 78 percent reported malicious attacks aimed at impairing an organization's operations or user data;
  • Only 31 percent said they routinely test their security controls, while 13 percent never test them; and
  • 16 percent do not have an incident response plan.

"There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner," said Christos Dimitriadis, ISACA board chair and group head of information security at gambling systems company Intralot, in a statement. "Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared."

The survey also examined the roadblocks that security professionals face, such as a lack of resources and staff. Some of the findings in that area:

  • 65 percent of organizations now employ a chief information security officers, up from 50 percent in 2016, yet still struggle to fill open cyber security positions;
  • 48 percent of respondents don't feel comfortable with their staff's ability to address complex cyber security issues;
  • More than half say cyber security professionals "lack an ability to understand the business";
  • One in four organizations allot less than $1,000 per cyber security team member for training; and
  • About half of the organizations surveyed will see an increase in their cyber security budget, down from 61 percent in 2016.

"The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign," said Dimitriadis. "But that's not a cure-all. With the number of malicious attacks increasing, organizations can't afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their team's ability to address complex issues, we know there is more that must be done to address the urgent cyber security challenges faced by all enterprises."

The full report can be found at the ISACA site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • digital network with glowing blue and red lines, featuring multiple red arrows shifting in different directions

    Report: Attackers Change Tactics as Ransomware Payoffs Decline

    Attackers are changing tactics as they collect less money from ransomware payoffs, according to a new report from Chainalysis, a blockchain analytics firm.

  • SXSW EDU

    Explore the Future of AI in Higher Ed at SXSW EDU 2025

    This March 3-6 in Austin, TX, the SXSW EDU Conference & Festival celebrates its 15th year of exploring education's most critical issues and providing a forum for creativity, innovation, and expression.

  • business leader standing confidently amid interconnected gears

    Leading Through Complexity: How Online Leaders Can Drive Digital Institutional Transformation

    Leaders charged with developing and expanding online programs at their institutions are finding themselves in increasingly complex roles, but there are a few core steps institutional leaders can take to ensure success.