Pwnie Express Research Finds More Resources at Large Companies Hasn’t Yielded Better IoT Security

Small and midsized organizations (SMEs) are taking more steps to protect themselves from security risks associated with the Internet of things (IoT) than large businesses, according to new data from IoT security leader Pwnie Express. Released today, the “Is Bigger Better?” research paper found that small businesses are more likely to close the IoT security gap and better protect mission critical systems and business operations from malware and other threats.

In short, the Pwnie Express research of 950 IT security professionals finds that despite fewer security resources than their larger counterparts, smaller organizations are doing more to identify potential threats and assess potential dangers introduced by connected devices.

“It’s a bit counterintuitive, because large companies have the finances and the people to secure their connected devices and critical infrastructure, but smaller operations are doing more with less,” said Pwnie Express CEO Paul Paget. “That said, it is clear that the introduction of IoT into the enterprise is challenging the status quo of IT security across the board.”

Especially troubling was the fact that 41 percent of IT security professionals at companies with more than 1,000 employees did not know what types of attacks (i.e., ransomware, malware, man-in-the-middle attacks) had hit their IoT devices in the last year. Only 25 percent of IT security pros at SMEs were unaware of attacks – a number that is still too high, but much better than the results from the larger companies.

Respondents from organizations with fewer than 1,000 employees were also more likely to:

• Know how many devices are connected to their networks (62 percent for SMEs compared to 47 percent for larger enterprises) and how many connected devices are owned by employees (39 percent at SMEs versus 25 percent at larger organizations)
• Check wireless devices for malicious infections in the last month (64 percent of SMEs had checked, while 55 of the IT security professionals at larger organizations had done the same).
• Have checked wireless devices employees bring into the office in the last month (33 percent of the IT security professionals at SMEs had, while just 20 percent of the employees at large organizations made the same checks).

All was not lost for large enterprises, however. Larger enterprises were more likely to:

• Enact their own Bring Your Own Device (BYOD) policies (41 percent, compared to 25 percent of SMEs);
• Detect connected device threats (68 percent of the IT security professionals with large companies said they felt prepared, while 60 percent at the SMEs said the same thing);
• Respond to connected device threats (73 percent of large organizations said they felt ready to respond to threats. At SMEs, 60 percent of respondents said they felt the same way).

“It’s one thing to say you are ready, but we believe you can’t really be ready if you don’t know what connected devices are coming into your office,” Paget said. “The research shows enterprises have a lot of work to do. Large organizations would benefit from thinking more like the SMEs we saw in our research – knowing what is connected to their networks, regularly assessing the devices in their environment, and being ready to respond to IoT threats coming their way.”

Additionally, Pwnie Express researchers suggested large organizations:

• Recognize the risk new IoT based business systems — HVAC, TVs, printers, even some kitchen appliances—introduce risk alongside their business optimization. The people who buy products for organizations need to know what to look for before they bring devices into the building and IT security pros need to know what to look for once new devices are there.
• Deploy new technologies to monitor device threats.
• Ensure security measures in use can assess threats and offer guidance on what devices need immediate concern.

About Pwnie Express

Pwnie Express closes the IoT security gap exposed by the deployment of IoT in the enterprise. By continuously identifying and assessing all devices and IoT systems, our security platform prevents IoT based threats from disrupting business operations. All without the need for agents, or changes to network infrastructure. For more information visit pwnieexpress.com

About The Internet of Evil Things Research

This is the third year that Pwnie Express interviewed IT security professionals about their level of IoT security. 950 people responded to at least one question from this year’s Pwnie Express survey, with 868 completing all the questions. The margin of error of a survey with 800 respondents is roughly ±3%. Respondents answered Pwnie Express questions between December 14, 2016 to January 5, 2017. Researchers regarded any company with 1,000 or more employees as a large company.