IoT (Internet of Things) strategies are hampering security management, with almost half (47%) of executives in a new survey saying it has become more difficult to stay secure in the last year. This is one of the key findings of the 2017-2018 Global Application and Network Security Report, just released by Radware®, a provider of cyber security and application delivery solutions.
Adding to the problem is the complex issue as to who is responsible for IoT security. When asked who needs to take responsibility, there was no clear consensus among security executives. Responses pinned responsibility on the organisations managing the network through to the manufacturers, but the majority said it was down to consumers using these devices (56%).
Andrew Foxcroft, regional director for Radware UK, Ireland and Nordics, says that its time companies closed the debate and assume responsibility themselves: “Everything that is attached to the network is a threat to security. The longer we debate who is responsible the more advantage we hand to the hackers who will do everything that can to exploit weaknesses.
“Governments of the world are taking more and more interest in IoT and if companies fail to be decisive, take responsibility and collaborate on security, legislation will make the decision for them – look at Germany’s decision to ban smart toys.
“It’s lazy to assume consumers will think about security. We already know people find it challenging to keep up with software updates and are unlikely to think through the risks regardless of the terms and conditions they sign up to. The network is only as strong as its weakest link and the sooner companies realise IoT devices are the weakest link, and that the buck will always stop with them, the better.”
The study also found that the percentage of companies reporting financially motivated cyber-attacks has doubled over the past two years, with 50% of surveyed companies experiencing a cyber-attack motivated by ransom in the past year. As the value of bitcoin and other cryptocurrencies – often the preferred form of payment among hackers – has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later.
Cryptocurrencies help hackers
“The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers with a clear upside that goes beyond cryptocurrencies’ anonymity,” adds Foxcroft. “Paying a hacker in these situations not only incentivises further attacks, but it provides criminals with the vital funds they need to continue their operations.”
The number of companies that reported ransom attacks in which hackers use malware to encrypt data, systems, and networks until a ransom is paid – surged in the past year, increasing 40% from the 2016 survey. Companies don’t expect this threat to go away in 2018 either. One in four executives (26%) see ransom as the largest threat to their business sector in the coming year.
“Criminals used various exploits and hacks this year to encrypt vital systems, steal intellectual property, and shut down business operations, all with ransom demands attached to these actions,” Foxcroft said. “Between service disruptions, outages, or intellectual property theft, hackers are leaving businesses reeling, searching for solutions after a hack occurs. As hackers and their methods become increasingly automated, it is now more important than ever for organisations to be proactive in protecting their business.”
Other key findings of the report include:
- Businesses are most concerned with their data when hit with a cyber-attack. Respondents noted that data leakage was their top business concern, followed by reputation loss and service outages. Yet with five months to go until GDPR comes into force, only 28% say their organisation is very or well prepared for GDPR, and another third feel somewhat prepared. Not surprising, those in Europe are more likely to say they are very well or well prepared compared to those in North America (35% vs. 25%), while one in four in North America are completely unfamiliar with GDPR.
- Despite one in four (24%) businesses reporting cyber-attacks daily or weekly, nearly 80% of surveyed organisations have not come up with a calculation for the cost of attacks, and one in three lack a cyber security emergency response plan.
- One-fifth already rely on machine learning and a quarter plan to integrate it in the next 12 months. However, Europe is falling behind the US and Asia Pacific in the adoption of artificial intelligence. In the US 58% of companies already rely or plan to integrate artificial intelligence, with a similar story in the Asia Pacific region (54%), but in Europe 62% neither rely nor plan to use artificial intelligence.
- To help bolster defences, a third of companies (29%) in Europe and 41% in the US are now open to including hackers in their IT security teams.
Radware’s Global Application and Network Security Report, now in its seventh year, is a cross-industry report compiled by Radware’s Emergency Response Team (ERT), leveraging vendor-neutral survey data from 605 IT executives spanning several industries around the globe, Radware’s hands-on experience handling today’s leading threats, as well as third-party service provider commentary.
The complete Global Application & Network Security Report 2017-2018, which details 2017’s major attack trends and provides predictions and recommendations from Radware’s ERT for how organisations can best prepare for mitigating cyber threats in 2018, can be downloaded here.