
7/18/2017
10:00 AM
Dawn Kawamoto

IoT Security Incidents Rampant and Costly

New research offers details about the hidden - and not so hidden - costs of defending the Internet of Things.
3 of 9

IoT v. Traditional Breach and Incident Costs

Nearly half of the respondents to the IDC survey report a security attack on their IoT devices.

"I would have expected it to be much lower," says Robert Westervelt, an information security analyst with IDC. "IoT is still in the early days and I would have expected the results to be around 10% to 20%, not 46%."

Meanwhile, nearly two-thirds (63.5%) of survey respondents in the financial services industry and almost half (47.2%) in the healthcare industry say their organizations experienced an IoT security breach or incident.


Because the vast majority (93.2%) of survey respondents call in third-party services or vendors, such as IoT forensic specialists, to help them fix or assess an IoT breach or incident, 70.1% of respondents say IoT attacks are more costly to deal with than traditional breaches or incidents, the report finds.

Image Source: Rapid Maturity of IoT Projects Highlights Risks, IDC

Comments
LindsayW718,
User Rank: Apprentice
7/26/2017 | 5:25:42 AM
Great emphasis
IoT is really just THE internet - information has become more powerful than intangible knowledge, but is proactively leading change. As work will inevitably transcend office-commute-home cycles, security by design cannot be limited to the company, but the person too. Organisations like CybSafe have integrated this thinking into their training.