Acts of evil on the internet are on the rise, according to the 2018 Internet of Evil Things survey. In its fourth consecutive year, the survey, conducted by Pwnie Express, polled more than 500 security professionals and found their collective responses to be “the scariest survey results we’ve seen yet.”
The report indicates that security professionals have a heightened concern for growing threats, with 85% of respondents believing their country will suffer a major critical infrastructure cyber-attack in the next five years.
“The attack on a Schneider Electric safety system was considered a watershed moment because it demonstrated how hackers ‘might cause physical damage to a plant, or even kill people by sabotaging safety systems before attacking industrial plants,’” the report quotes Reuters as saying.
In addition to confronting issues with malware and ransomware, the survey found that nearly one-third of respondents reported being part of a distributed denial-of-service (DDoS) attack. Of those, more than 22% discovered attacks on wireless communications or access points.
While many respondents (64%) admitted to being stressed and uneasy about the lack of security in the internet of things (IoT), “one in three respondents said that their organizations were unprepared to detect connected device threats.” Despite nearly half (49%) of respondents admitting that they are concerned about consumer IoT devices, only 23% said they can monitor devices like smartwatches and other types of IoT devices.
Satya Gupta, CTO and co-founder, Virsec, echoed the concerns of survey respondents but noted that, while understandable, anxiety needs to be turned into actionable security.
“There is still a gap in understanding between IT and OT [operational technology],” Gupta said. “While most of the concern focuses on the devices (is my refrigerator spying on me?), most attacks come through IT channels. Especially in the ICS [industrial control system] space, the real dangers are from IT systems that automatically control myriad sensors, switches and other devices. Hacking a one-off device will cause limited damage, but hacking an ICS SCADA system can bring down an entire power plant or worse.”
Despite the risks, security professionals continue to be left out of purchasing decisions. Only 60% of survey respondents said that they have a role in the purchasing approval process for IT devices, which includes computers, mobile devices, and servers.
While 75% of security professionals said that they have a security policy in place for IT devices, only 35% have security policies for their building OT/IoT devices.