IoT under attack: Security is still not good enough on these edge devices
With IoT botnets continuing to cause problems and attacks on critical infrastructure an ongoing menace, Microsoft has conducted research to find out whether edge network devices are a threat to enterprise systems.
The Microsoft-commissioned survey, conducted by the Ponemon Institute, looked at Internet of Things (IoT) and Operational Technology (OT) devices and what security threats they posed to IT systems that were once separated from edge network devices. OT includes devices and software used to monitor and control industrial equipment, bringing a physical element to cybersecurity.
The survey of 615 IT, IT security and OT security practitioners across the United States found that 51% of OT networks are connected to corporate IT networks. Microsoft details key findings in a blogpost and has released a report.
Some 88% of respondents said their business IoT devices are connected to the internet for things like cloud-printing services while 56% reported devices on their OT network were connected for remote access.
Microsoft points to the Mozi P2P IoT botnet, which, for example, targets vulnerabilities in video recorders and other IoT products, including popular network gateways. Microsoft reckons Mozi demonstrates how business networks can be breached by compromised edge devices that were once assumed to be air-gapped from internal platforms.
The Ponemon Institute survey found that only 29% of respondents had a complete inventory of IoT and OT devices. Most respondents (64%) had low or average confidence that their IoT devices are patched - and the same proportion admitted they did not know if the devices had been compromised.