"The Internet of Things is not just a buzzword, nor is it merely a vision of the sci-fi future. It's already happening, in every sector of the global economy.
Self-parking cars, autonomous drones, smart meters talking to smart appliances in the home, HVAC systems in commercial buildings, wireless-enabled medical devices and wearable fitness gadgets are all examples. Ubiquitous embedded software, often vulnerable and even unpatchable, enabled by 24/7 wireless connectivity, creates an unprecedented level of interconnectivity and complexity," says SANS Analyst Gal Shpantzer. "This unique survey takes a look at the security community's perception of the vulnerabilities in the IoT and the threats that would exploit them."
In the survey, almost 60% of respondents fully understand and find the Internet of Things relevant to their companies and jobs; 43% of respondents are already actively working to secure some of these types of "Things" in their environments.
"The SANS Securing the Internet of Things survey results show that the security community is already aware of the challenges the IoT will bring and that those challenges will require both the evolution of existing security controls and the development of new security processes," says survey author John Pescatore.
Survey respondents were most concerned about device connections to the Internet (50%), followed by vulnerabilities associated with the command and control channel to the device's firmware (24%), with another 9% concerned about the firmware itself.
While it's clear that most organizations are preparing to embrace the IoT, 50% of respondents were not ready to secure an ecosystem of "Things," and while they acknowledge that their IT staff is responsible for securing their Things, they expect vendors to play a critical role in security of such devices as well.
Pescatore explains, "Security managers will hold the manufacturers of "Things"
to higher levels of responsibility for security than they required for PCs and servers."
Results and insights surrounding security challenges for the IoT will be released during a webcast on Wednesday, January 15, at 1 PM EST. To register for the complimentary webcast please visit: http://www.sans.org/info/148160
Those who register for these webcasts will be given access to an advanced copy of the associated report developed by John Pescatore.
The SANS Analyst Program, www.sans.org/reading_room/analysts_program, is part of the SANS Institute.
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest source for world-class information security training and security certification in the world, offering over 50 training courses each year. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 27 hands-on, technical certifications in information security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.