Risk
1/9/2014
12:54 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SANS Announces Results Of Its 2013 Securing The Internet Of Things Survey

Call on vendors to take responsibility for securing devices

BETHESDA, Md., Jan. 8, 2014 /PRNewswire-USNewswire/ -- SANS announces results of its 2013 Securing the Internet of Things survey, sponsored by Codenomicon and Norse, in which 391 IT professionals answered questions about the current and future security realities of the Internet of Things (IoT).

"The Internet of Things is not just a buzzword, nor is it merely a vision of the sci-fi future. It's already happening, in every sector of the global economy.

Self-parking cars, autonomous drones, smart meters talking to smart appliances in the home, HVAC systems in commercial buildings, wireless-enabled medical devices and wearable fitness gadgets are all examples. Ubiquitous embedded software, often vulnerable and even unpatchable, enabled by 24/7 wireless connectivity, creates an unprecedented level of interconnectivity and complexity," says SANS Analyst Gal Shpantzer. "This unique survey takes a look at the security community's perception of the vulnerabilities in the IoT and the threats that would exploit them."

In the survey, almost 60% of respondents fully understand and find the Internet of Things relevant to their companies and jobs; 43% of respondents are already actively working to secure some of these types of "Things" in their environments.

"The SANS Securing the Internet of Things survey results show that the security community is already aware of the challenges the IoT will bring and that those challenges will require both the evolution of existing security controls and the development of new security processes," says survey author John Pescatore.

Survey respondents were most concerned about device connections to the Internet (50%), followed by vulnerabilities associated with the command and control channel to the device's firmware (24%), with another 9% concerned about the firmware itself.

While it's clear that most organizations are preparing to embrace the IoT, 50% of respondents were not ready to secure an ecosystem of "Things," and while they acknowledge that their IT staff is responsible for securing their Things, they expect vendors to play a critical role in security of such devices as well.

Pescatore explains, "Security managers will hold the manufacturers of "Things"

to higher levels of responsibility for security than they required for PCs and servers."

Results and insights surrounding security challenges for the IoT will be released during a webcast on Wednesday, January 15, at 1 PM EST. To register for the complimentary webcast please visit: http://www.sans.org/info/148160

Those who register for these webcasts will be given access to an advanced copy of the associated report developed by John Pescatore.

The SANS Analyst Program, www.sans.org/reading_room/analysts_program, is part of the SANS Institute.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.

(www.SANS.org)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8617
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-2209
Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.