Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

New Trustwave Report Shows Disparity Between IoT Adoption and Cybersecurity Readiness

Trustwave and Osterman Research Survey Reveals IoT Adoption and Security Practices are Misaligned

CHICAGO - February 28, 2018- Trustwave today released the "IoT Cybersecurity Readiness Report" which assess the current and future use of Internet of Things (IoT) technologies and corresponding security practices and implementation challenges across organizations in a wide-range of industries. Astonishingly, although most organizations surveyed plan to increase adoption of IoT into operations, only 28 percent consider security strategies specific to IoT as "very important."

Osterman Research conducted the survey on behalf of Trustwave, primarily with midsize and large organizations with a median of 1,000 employees per organization. Individuals with applied security experience or knowledge were targeted. A total of 137 surveys were completed in November 2017.

Key findings from the Trustwave IoT Cybersecurity Readiness Report include:

  • IoT use is growing rapidly - Sixty-four percent of organizations surveyed have deployed some level of IoT technology, and another 20 percent plan to do so within the next 12 months. The result will be that by the end of 2018, only one in six organizations will not be using at least a minimal level of IoT technology for business purposes.
  • Security concerns cited as top barrier to increased IoT adoption -  Although greater than half surveyed plan on increasing use of IoT technologies, 42 percent are either unsure or have no plans to increase use. Fifty-seven percent cite security concerns as the number one barrier to greater IoT adoption, followed by "not relevant to operations" at 38 percent and "lack of budget" at 27 percent.
  • Disparity between IoT use and security - Only 28 percent of organizations surveyed consider that their IoT security strategy is "very important" when compared to other cybersecurity priorities within the organization. More surprising, however, is that greater than one-third believe that IoT security is only "somewhat" or "not" important.
  • Most have already experienced an IoT-related security incident - Sixty-one percent of those surveyed who have deployed some level of IoT technology have had to deal with a security incident related to IoT. While most of the reported incidents involved actual attacks - e.g., malware infiltration (24 percent of the organizations surveyed) and successful phishing and/or social engineering attacks (18 percent), some were merely attempted attacks, such as misconfiguration attacks (11 percent). Additionally, organizations can be attacked by IoT devices from outside sources even though they have no IoT devices deployed internally. Overall, most believe they will experience an IoT security problem in the future, with 55 percent believing it will happen during the next two years.
  • Lack of patching policies and procedures - Only 49 percent of organizations surveyed have formal patching policies and procedures in place, and only about one-third patch their IoT devices within 24 hours after a fix becomes available. 
  • Insufficient risk assessment for third-party partners and testing of IoT vendors - Fewer than one-half of organizations consistently assess the IoT security risk posed by third-party partners, another 34 percent do so only periodically, and 19 percent don't perform third-party IoT risk assessment at all. In addition, only 70 percent of organizations perform their own security testing or piloting of these devices, only 54 percent use published reviews, and only 32 percent use third-party testing services. Many (47 percent) rely on vendors' security claims.
  • Confidence in IoT security is not high - Only 10 percent of those surveyed are "very" confident that they can detect and protect against IoT-related security incidents, while 62 percent are only "somewhat" or "not" confident that they can do so. The combination of a low emphasis placed on IoT security, the sizeable proportion of organizations in which security incidents have already occurred and the perception that future security incidents are a virtual certainty leaves decision makers with little confidence that they can defend against IoT-related security incidents.

"Any device or sensor with an IP address connected to a corporate network may open the doors to a devastating security incident," said Lawrence Munro, vice president SpiderLabs at Trustwave. "As IoT adoption continues to proliferate, manufactures of IoT are sidestepping security fundamentals as they rush to bring products to market. We are seeing lack of familiarity with secure coding concepts resulting in vulnerabilities, some of them a decade old, incorporated into final designs. Because updating IoT devices by nature is more challenging, many remain vulnerable even after patches are issued, and often patches are not even developed. Organizations need to properly document and test each internet-connected device on their network or face introducing potentially thousands of new attack vectors easily exploitable by cybercriminals."

"Interestingly, the security of IoT was identified as the leading barrier to greater adoption," noted Michael Osterman, principal analyst with Osterman Research. "There have been numerous IoT-related security problems in the recent past and the problems will only get worse until decision makers make security the key issue in their selection and deployment of IoT-related devices."

DOWNLOAD REPORT

To download a complimentary copy of the "IoT Cybersecurity Readiness Report," which includes recommendations by Trustwave security experts, visit:
https://www2.trustwave.com/IoT-Security-Report.html.

METHODOLOGY

Osterman Research conducted this survey in November 2017 with 137 members of its survey panel. To qualify for the survey, respondents had to be knowledgeable about and/or responsible for IoT-related security practices in their organizations. The mean number of employees at the North American organizations surveyed was just under 17,000. A wide range of industries were included in the survey. The survey was sponsored by and conducted on behalf of Trustwave. The survey has a margin of error of +/- 8.4 percent.

ABOUT TRUSTWAVE

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

###

All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Latest News Releases

Trustwave Named in 2024 Gartner® Market Guide for Co-Managed Security Monitoring Services

Chicago – March 14 – Trustwave, a global cybersecurity and managed security services leader, was named a Representative Vendor in its just released 2024 Market Guide for Co-Managed Security...

Read More

Trustwave Named a Leader in Frost & Sullivan MDR Radar Report

Chicago – March 11, 2024 – Trustwave, a global cybersecurity and managed security services leader, today was named a leader in the Frost & Sullivan 2024 Managed Detection and Response (MDR) Radar...

Read More

New Trustwave SpiderLabs Research Exposes Unique Cybersecurity Threats Facing Education Industry

Chicago – February 22, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research uncovering unique cybersecurity threats faced by...

Read More