Small and midsize businesses are taking more steps to identify potential threats against their workplace Internet of Things devices than large enterprises, a new report by IoT security research firm Pwnie Express found.
According to the survey, 41 percent of IT security professionals at large enterprises did not know what types of attacks had hit their IoT devices in the past year. Meanwhile, only 25 percent of SMB-based IT professionals remained unaware.
’The research shows enterprises have a lot of work to do," Pwnie Express CEO Paul Paget told CRN. "Bigger companies may have bigger security teams and resources but they are so busy with the amount they have to manage and don't have as clear of a view into the device problem. We've found they are less likely to have a handle on the devices that are there."
[Related: Samsung Enterprise IoT VP: 'We Can't Succeed Without Our Partners' In IoT]
The Boston-based company's survey of 950 IT security professionals in SMBs and large enterprises, found that SMBs are also more likely than enterprise customers to know how many devices are connected to their networks, have checked wireless devices for malicious infections in the past month, and checked wireless devices that employees bring into the office in the past month.
"Large organizations would benefit from thinking more like the SMEs we saw in our research – knowing what is connected to their networks, regularly assessing the devices in their environment, and being ready to respond to IoT threats coming their way," said Paget.
Security vulnerabilities in IoT devices were underscored in October when a Distributed Denial-of-Service [DDoS] attack – which was launched through IoT devices including webcams, routers and video recorders – overwhelmed servers at Dynamic Network Services, taking down up to 1,200 websites.
There's a huge "expansion opportunity for the channel" to work with these enterprise clients, in addition to SMBs, to form a "broader view" of IoT security, said Paget.
"Having visibility into what’s on your networks, and knowing the threats and risks, are both important," said John Van Blaricum, vice president of global marketing at Kudelski Security, a Switzerland-based solution provider specializing in security. "But I’m not sure if this report shows SMBs being more proactive, or if it’s a reflection of the difference in scale between SMBs and large enterprises. Utilization of IoT devices is only going to increase – thus the complexity of enterprise security will continue to increase."
Paget suggested that large enterprises who are looking to strengthen their IoT security protocols take steps in recognizing the security risks of new IoT business systems, such as HVAC systems or printers.
He also recommended that companies deploy new technologies to monitor device threats and ensure security measures in use can assess threats.
Kudelski Security, for its part, is helping customers identify and manage IoT security vulnerabilities in their workplaces.
"We’re taking a two-pronged strategy, focusing on securing client organizations using IoT devices as well as working with manufacturers to validate and harden the software, firmware and chips driving the devices," said Van Blaricum. "If we don’t start addressing the vulnerabilities at the source, the scale may eventually overwhelm organizations of all sizes."
related stories
Video
trending stories
sponsored resources

Application Integration 360

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Cyber Protection 360

Sophos
Sophos Cybersecurity Learning Center

Vonage
Vonage

Channel Chief Showcase

SentinelONE
EndPoint Security 360

Comm100
Collaboration & Communications 360

Smart 3rd Party
3rd Party Maintenance 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

Veeam
Veeam

Fujifilm
Fujifilm

BlackBerry
BlackBerry Learning Center

Acer
Remote Workforce 360

Partner Program Guide Showcase

Hitachi Vantara
Hitachi Vantara

VMware

HubStor
Cloud Backup 360

Wasabi
Wasabi

Cysurance
Cyber Insurance 360

Vertiv
Edge Computing Learning Center

Webroot
Webroot Learning Center

Tenable
Cyber Risk 360

NPD
Industry Trends 360

Comcast Business
Comcast Business Learning Center

iboss
Cloud SASE Platform 360

Terranova Security
Cybersecurity 360

CyberPower
CyberPower

N-able
MSP Automation Solutions 360

eSentire
Managed Detection and Response 360

EPOS
EPOS

Sherweb
Sherweb

Dell Technologies
Dell Technologies Cloud Learning Center

Dell Technologies
Microsoft HCI Solutions from Dell Technologies Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

Dell Technologies
Dell Technologies Server Learning Center
