IoT attacks can be devastating, but study finds security ‘complacency’ among connected-device users

Hey, Alexa: How do I ward off a cyberattack?

As internet-connected and “smart” devices proliferate in the business world, many organizations are sleeping on best practices that could protect their network from being one of this year’s top hacking targets.

According to a new study by IoT security firm Keyfactor and market research firm Vanson Bourne, “There is a marked sense of complacency with product security regionally for those that operate and use IoT and connected devices.”

The study, released Oct. 10, found 94% of surveyed North American IoT professionals agreed they could improve IoT security, while nearly two-thirds said they’re “as protected as they could be” from attacks on their connected devices.

The results suggest that “some businesses have reached a level of protection where they feel satisfied but haven’t further investigated or sought solutions to really delve into what ‘full’ protection might be,” the study said.

This false sense of security could prove devastating, as bad actors increasingly eye IoT devices as entry points into otherwise secure networks. CNBC reported that the roughly 17 billion IoT devices in the world, “from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked,” are a primary focus for digital criminal enterprises in 2023.

Nearly 90% of the 1,200 professionals surveyed in June and July who use or manufacture IoT devices told Keyfactor they’d been victimized by cyberattacks in the past year, and almost 70% of respondents reported they’d seen an uptick in IoT cyberattacks over the last three years. Just over half said they’d been hit by phishing attempts; malware and ransomware attacks came in second and third on the list.

A lax approach to IoT security can carry a hefty price tag for organizations that fall prey to cyberattacks. Keyfactor found that connected-device breaches cost firms an annual average of $236,035—which amounts to over half an average annual budget for IoT device security.

Keyfactor noted that these attacks can be financially devastating, leaving a company “with less than half of their original budget to spend on securing the devices in the first place, and if more than one breach is successful then organizations will struggle to place any budget in this area.”

To guard against the attacks, Keyfactor recommended taking simple yet proactive steps, like implementing multi-factor authentication, training employees on cyberthreats, and updating anti-malware software. Companies can also seek support from a trusted third-party vendor and consider using public key infrastructure to manage device certificates and identities, the report said.