Small and midsize businesses are taking more steps to identify potential threats against their workplace Internet of Things devices than large enterprises, a new report by IoT security research firm Pwnie Express found.
According to the survey, 41 percent of IT security professionals at large enterprises did not know what types of attacks had hit their IoT devices in the past year. Meanwhile, only 25 percent of SMB-based IT professionals remained unaware.
“The research shows enterprises have a lot of work to do," Pwnie Express CEO Paul Paget told CRN. "Bigger companies may have bigger security teams and resources but they are so busy with the amount they have to manage and don't have as clear of a view into the device problem. We've found they are less likely to have a handle on the devices that are there."
The Boston-based company's survey of 950 IT security professionals in SMBs and large enterprises, found that SMBs are also more likely than enterprise customers to know how many devices are connected to their networks, have checked wireless devices for malicious infections in the past month, and checked wireless devices that employees bring into the office in the past month.
"Large organizations would benefit from thinking more like the SMEs we saw in our research – knowing what is connected to their networks, regularly assessing the devices in their environment, and being ready to respond to IoT threats coming their way," said Paget.
Security vulnerabilities in IoT devices were underscored in October when a Distributed Denial-of-Service [DDoS] attack – which was launched through IoT devices including webcams, routers and video recorders – overwhelmed servers at Dynamic Network Services, taking down up to 1,200 websites.
There's a huge "expansion opportunity for the channel" to work with these enterprise clients, in addition to SMBs, to form a "broader view" of IoT security, said Paget.
"Having visibility into what’s on your networks, and knowing the threats and risks, are both important," said John Van Blaricum, vice president of global marketing at Kudelski Security, a Switzerland-based solution provider specializing in security. "But I’m not sure if this report shows SMBs being more proactive, or if it’s a reflection of the difference in scale between SMBs and large enterprises. Utilization of IoT devices is only going to increase – thus the complexity of enterprise security will continue to increase."
Paget suggested that large enterprises who are looking to strengthen their IoT security protocols take steps in recognizing the security risks of new IoT business systems, such as HVAC systems or printers.
He also recommended that companies deploy new technologies to monitor device threats and ensure security measures in use can assess threats.
Kudelski Security, for its part, is helping customers identify and manage IoT security vulnerabilities in their workplaces.
"We’re taking a two-pronged strategy, focusing on securing client organizations using IoT devices as well as working with manufacturers to validate and harden the software, firmware and chips driving the devices," said Van Blaricum. "If we don’t start addressing the vulnerabilities at the source, the scale may eventually overwhelm organizations of all sizes."