The Internet of Things continues to promise to be one of the biggest challenges facing security professionals with a new global study confirming widespread abuse of the new devices and systems.
Aruba Networks, Hewlett Packard Enterprise wireless networking subsidiary, has revealed that 84 per cent of companies have already experienced some sort of IoT breach in a new study involving over 3,000 companies across 20 countries.
The Aruba study found that malware posed the greatest threat to IoT accounting for nearly 50 per cent of IoT breaches reported in the survey. Spyware and human error also ranked high among the list of threats to IoT systems with each being cited as the cause for breaches each in a further 38 per cent of cases.
However, in some cases breaches have been attributed to common office and building items such as internet-connected air-conditioning units, and heating and ventilation monitoring equipment, according to Aruba’s South Pacific general manager Anthony Smith.
Mr Smith said that the use of IoT devices as a conduit to infiltrate network and IT infrastructure was becoming more common among online intruders.
“This is where we’ve observed some interesting phenomena where integrating smart building management systems, such as HVAC (Heating Ventilation and Air-Conditioning), somehow along the way inadvertently integrates the corporate IT environments,” Mr Smith said.
He said that had led to egregious examples of where companies failing to adopt sufficient security rigour across their entire technology infrastructure leaving holes for intruders to breach core systems.
“It has to be secure by design and not retro-fitted now,” he added.
And Aruba South Pacific systems engineering director, Mark Verbloot, said that the securing IoT systems was particularly difficult due to the nature of the devices involved in their construction.
“This is a bit of a challenge because, for the most part we’re not talking about well-hardened devices running on these IoT systems. We’re talking about low-cost, high-volume devices that are running very minimal operating systems with minimal security. These represent a whole new series of attack vectors on the network,” Mr Verbloot said.
Nevertheless, the study found that, globally, 89 per cent of companies expected to have some form of IoT system in place by 2019. Aruba Australian companies were slower IoT adopters by comparison with only 77 per cent reporting plans to include it in their technology roadmaps over the next two years.