RiskRecon is pleased to announce the release of its latest research endeavor with Cyentia Institute that examines how IoT devices affect the risk surface of organizations.
Since the Internet of Things began to gain notoriety, enterprises and consumers alike have become somewhat familiar with the notion of connected devices: what they are, how they impact our lives, and what they’re capable of doing. But whether you’re using an Amazon Alexa-based device to find a dinner recipe, Apple’s Siri to send a text while in the car, or (back when working from an office was the norm) tinkering with a video conferencing setup to speak to your colleagues in the UK, the Internet of Things can take on many shapes and sizes. This is exactly why assuming that all IoT devices are created equal isn’t the best way to approach managing your connected world.
Intended to make our lives easier, connected devices have created new headaches and challenges – including an increased potential for attacks. When it comes to the enterprise, it’s always best to assume that connected devices contain possibly flawed software, unless proven otherwise.
RiskRecon has once again joined forces with Cyentia Institute to take an in-depth look at how exposed IoT devices affect the risk surface of commercial organizations. We scoured through our proprietary dataset of millions of hosts controlled by more than 35,000 organizations to find answers to two questions:
- What types of IoT devices are prevalent in enterprise firms?
- How can the presence of these insecure, connected things correlate with other types of problems (read: security-related risks)?
- 86% of security issues affecting IoT devices are rated as critical
Overall, findings confirm that exposed IoT devices can impact high-value assets and generate critical security findings.
- Firms with exposed IoT have a 62% higher density of overall security issues
Exposed enterprise IoT devices, unfortunately, are a clear indication that other security-related issues within the organization are not far behind. The higher the number of exposed IoT devices, the higher the likelihood an organization will experience some kind of issue related to network filtering and software patching.
- Higher education institutions have a 14X higher rate of IoT device exposures than other verticals
Concerning yet not surprising. It’s no secret that educational institutions as a whole struggle with maintaining up-to-date networking environments.
- Cameras make up 54% of the most common Internet-facing enterprise infrastructure
Devices such as cameras and printers were found to be the most used connected things in enterprise settings. But the IoT software running these devices lacks the security necessary to prevent potentially serious compromises if exploited.
Based on these findings, you’re likely thinking to yourself, “So, where am I supposed to go from here? Banning all IoT-connected devices in an enterprise setting is unrealistic.”
The answer can be found in emphasizing enterprise risk management. Leveraging real-time, intelligent security analytics to automatically assess the level of risk in connected devices can help your enterprise team identify potential issues, prioritize a response and execute an efficient plan of mitigation. Furthermore, the data produced in these instances can serve as a critical piece to the puzzle. Without objective data, performing a third-party assessment loses its value.
To learn about ways RiskRecon can support your third-party and enterprise risk needs, read more here.
You can find more insights on the research we gathered with Cyentia Institute here.