Mid-size companies are embracing the internet of things, but are not always implementing security measures to protect their data. One in eight has been the victim of a cyber attack related to the IoT, according to a new study commissioned by Arctic Wolf, a vendor of security-as-a-service solutions.
IoT-based attacks hit the transportation industry the hardest, according to the survey. 29% of transportation companies surveyed said they had experienced an IoT-based attack. The telecom, construction and energy sectors were all tied for second place, with 22% of the mid-market companies in each of these industries reporting an IoT-based attack.
The report authors said that firewalls, antivirus software, and web content filtering are insufficient defenses against ransomware attacks like Wanna Cry and Petya.
“The FBI estimates that ransomware is a billion dollar business for cybercriminals,” the report authors wrote. “Ransomware has become so lucrative, cybercriminals are now offering ransomware-as-a-service, making it easy for criminals to get started with zero to minimal up-front costs.”
Researchers from the University of Michigan and Stony Brook University have published a paper calling for new security mechanisms for the internet of things. The authors say that some security challenges presented by the IoT can be solved using traditional approaches, and some require new paradigms.
Congress has also looked at the issue of IoT security, with senators from both sides of the aisle drafting a bill that would put the burden of security on the companies that make and sell devices that connect to the internet. The bill states that contractors must inform the government of any known security vulnerabilities involving their products and must guarantee that their products rely on “software or firmware components capable of accepting properly authenticated and trusted updates from the vendor.”
