tostphoto - stock.adobe.com

Report: 72% Orgs Faced Increase in IoT, Endpoint Security Incidents

Cybersecurity decision makers name malware, insecure networks, and remote access as the biggest threats to their organization, highlighting an increase in endpoint and IoT security incidents.

Two-thirds of organizations saw an increase in the number of IoT and endpoint security incidents in the last year, with US cybersecurity decision makers naming malware, insecure networks, and remote access points as the biggest threats to the enterprise, according to a report from Cybersecurity Insights. 

Those successful attacks spurred a loss of user and IT productivity in nearly half of the victim organizations and system downtime for 42 percent. 

For the Pulse Secure-sponsored 2020 Endpoint and IoT Zero Trust Security Report, researchers examined the key risks, considerations, initiatives, and investments being advanced by the enterprise to implement improved zero trust endpoint and IoT security through a survey of 325 US IT and cybersecurity decision makers from the healthcare, financial services, government, and energy sectors. 

According to the research, 56 percent of these decision makers anticipate their organization will experience a system compromise due to an endpoint or IoT-related attack within the next 12 months.

"It's clear from this new research that the challenge of securing IoT and endpoints has escalated considerably as employees have been forced to work remotely, while organizations try to rapidly adapt to the situation,” Scott Gordon, Pulse Secure Chief Marketing Officer said in a statement.  

“The threat is real and growing,” he continued. “Yet, on a positive note, the survey shows that organizations are investing in key initiatives and adopting zero trust elements such as remote access device posture checking and Network Access Control (NAC) to address some of these issues.” 

For healthcare, which struggles with patch management, inventory, and a host of IoT vulnerabilities, the data is concerning. A recent report showed a host of medical devices, IoT, and IoMT devices, including MRIs and CTs, operate on legacy platforms or allow the use of asocial media apps.

Meanwhile, the highly vulnerable Ripple20 flaws disclosed earlier this year primarily impact healthcare devices. A successful exploit could lead to data exposure and give a hacker control of the device, allowing them to propagate across the network. 

In terms of threats, malware was ranked as the top issue facing endpoint and IoT security by 78 percent of respondents. The second biggest threat is insecure network and remote access (61 percent), followed by compromised credentials (58 percent). 

As seen in several recent alerts, hackers are leveraging stolen credentials for brute-force attacks, fraud attempts, and a host of other nefarious activities

The challenge and concern is that 43 percent of the surveyed cybersecurity leaders said they had “moderate to unlikely means” for discovering, identifying, and responding to unknown, unmanaged, or insecure devices connected to the network and cloud resources. 

Further, insufficient protection against the latest threats was named the biggest endpoint and IoT security challenge by 49 percent of respondents, followed by the high complexity of deployment (47 percent) and an inability to enforce endpoint and IoT device access/usage policy (40 percent). 

To move the needle on these vulnerable endpoints, 54 percent of respondents said it’s critical to have tools able to monitor endpoint or IoT devices for malicious or anomalous activity. Fifty-one percent named tools capable of blocking or isolating unknown or at-risk endpoint and IoT devices’ network access, while 46 percent said they need tools capable of blocking access to at-risk devices. 

Fortunately, the majority of organizations (61 percent) anticipate an increase or significant increase in investments to secure remote access and endpoint security technology in the next year, compared to 6 percent of organizations that expect a decrease in investment. 

Another 41 percent said their organizations plans to implement or advance on-premise device security enforcement, while 35 percent plan to advance the posture checking of remote access devices and 22 percent plan to advance their IoT device identification and monitoring capabilities. 

“The diversity of users, devices, networks, and threats continue to grow as enterprises take advantage of greater workforce mobility, workplace flexibility, and cloud computing opportunities,” Holger Schulze, Cybersecurity Insiders CEO and Founder, said in a statement.  

“Not only do organizations need to ensure endpoints are secure and adhering to usage policy, but they must also manage appropriate IoT device access,” he added. “New Zero Trust security controls can fortify dynamic device discovery, verification, tracking, remediation, and access enforcement.”

Next Steps

Dig Deeper on Cybersecurity strategies