A recent study released by Arctic Wolf Networks (2017) has found that many organizations are completely unprepared for cyber attack, and Internet of Things (IOT) devices are only making the problem worse. In the wake of attacks such as the one on Equifax, it has become clearer than ever that every organization needs a comprehensive cyber security strategy in place.
The study revealed that 100% of the companies that were included use at least one IOT device. Because these IOT devices often do not have the necessary security infrastructure built in, they are easy targets. While nearly every company had a firewall and antivirus system in place, that is unfortunately just the beginning of what is needed. The advanced threats seen today easily bypass these measures and many organizations are unprepared for cyber attack.
The Equifax attack, for example, was an attack on a web application. (2017, Wolff-Mann) This type of attack tricks an interactive web page, such as a form, into giving up far more from the database accessed than requested using a SQL Injection Attack. So for example, rather than just providing the requested information, any information stored in the database could be captured by hackers, and used for nefarious purposes. Unfortunately, many organzations focus on network security instead of software security, resulting in data breaches such as the one experienced by Equifax. Rohit Sethi, COO of Security Compass, believes that the automated testing and scans that many organizations rely on cannot measure up to what a trained human being can do.
Several industries have found themselves subject to attacks on IOT devices, with transportation leading the way. 29% of transportation companies have reported being subject to an attack, followed by 22% of energy, oil and gas; utilities, construction and property; and IT, Technology and Telecoms. And this number is expected to rise as cyber criminals become more sophisticated in their attacks. The infrastructure maintained by these industries is critical, and organizations cannot ignore the necessity to put trained personnel and advanced systems in place to protect the people that they serve. As hackers become more sophisticated, ignorance is no longer an excuse to be unprepared for cyber attack.
It is up to every organization to get the training and put the systems in place needed to defend against cyber attack, and protect their organizations and customers.
Does your organization need cyber security training? IEEE offers both cyber security and ethical hacking training to help organizations prepare. Learn more about organization pricing and request a quote here.
Wolff-Mann, E. (2017, Sept 8). Equifax hack exposes a major cybersecurity gap. Yahoo! Finance.
Arctic Wolf Networks. (2017, Sept 7). Ransomware of Things: When Ransomware and IoT Collide. arcticwolf.com.