13 percent of SMBs have experienced an IoT-based attack, yet many still are not taking the necessary security measures
SUNNYVALE, CA– September 7, 2017 – Arctic Wolf Networks, a leading security operations center (SOC)-as-a-service company, today announced new research highlighting ransomware attacks on Internet of Things (IoT) devices as the likely next chapter in the evolution of the ongoing digital plague. The study, “Ransomware of Things: When Ransomware and IoT Collide,” was conducted in collaboration with Survey Sampling International and reveals that most small-to-mid-sized businesses (SMBs) do not have advanced detection and response capabilities for ransomware, advanced persistent threats (APT) and zero day attacks.
Perhaps most notably, the survey found that one in four companies have already experienced a ransomware attack and one in eight have dealt with an IoT-based attack. As mid-market companies continue to embrace IoT without implementing the necessary security tools, these attacks and vulnerabilities will persist. Despite the lack of precautionary measures, organizations are well aware of the threat, with over 70 percent of respondents expressing concern about an IoT based ransomware attack.
“The next chapter in the story will raise the stakes with possible attacks on medical devices, electric grids and transportation systems, which could cause the loss of life,” said Brian NeSmith, CEO and co-founder of Arctic Wolf Networks. “Companies not spending millions of dollars on security will be at a severe disadvantage fending off criminals who are organized, well-funded and very sophisticated in their methods.”
According to the research, SMBs are woefully unprepared for new cyber threats and most still struggle with security basics:
Nearly 70 percent of respondents state that they do not have a formal incident response plan.
Most (80 percent) do not have products to protect against zero day threats and over half (62 percent) do not conduct log analysis.
Almost half (45 percent) of participants claim they are likely to pay the ransom to get access to their data.
This Arctic Wolf study surveyed 300 individuals who are responsible for the IT or security functions inside their company. The respondents worked at companies with between 200 to 3,000 employees, with 93% of the respondents at the director level or higher with budgetary authority or direct organizational authority for security. The full report is available for download here.
Additional IoT security findings from the survey include:
The most impacted industry so far is transportation, with 29 percent of companies indicating they have already experienced an IoT attack. Companies in the energy, construction and technology industries have also been ongoing targets.
SMBs have embraced IoT devices with more than 80% indicating IoT functionality makes them more likely to purchase devices.
The targets of greatest concern for attack are computer hardware and systems, followed by key locks, industrial control systems, and printers/scanners.
Some of the main concerns cited include possessing sensitive information that would be of interest to hackers, lack of internal resources to fund security, and lack of knowledge among internal IT staff.
About Arctic Wolf
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. AWN CyberSOC is anchored by Concierge Security Engineers and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf Cyber-SOC visit https://www.arcticwolf.com.