Cyber attacks against unprotected Internet of Things (IoT) devices could have dire consequences for businesses, according to a survey of risk management professionals.
In a study by the Ponemon Institute and Shared Assessments, 94% said a cyber attack exploiting an unsecured connected device or application could be catastrophic.
Some 76% said a distributed denial of service (DDoS) attack, in which huge floods of traffic render a service unusable, is likely to target an unsecured IoT device within the next two years.
But 77% said they do not consider IoT-related risks in their third-party due diligence and 67% do not evaluate IoT security practices before engaging in business relationships.
Securing the IoT, which includes connected devices like smartwatches and televisions as well as specialist devices like medical and manufacturing equipment, should be a high priority for SMEs.
This hardware, which often lacks basic security controls and is frequently used with its default passwords unchanged, is an attractive target to cyber criminals who want to use it to pivot into company networks, hold it to ransom or take control of it for use in other attacks.
The Mirai botnet, which was used to launch DDoS attacks in 2016, took control of a network of thousands of IoT-connected devices by attempting to log in using factory default credentials. The resulting attacks caused disruption to major websites and internet service providers.
Cyber security experts have also warned that the next generation of ransomware could lock connected devices and demand payment to return them to operation.
Gartner estimates that 8.4 billion IoT-connected devices will be in use in 2017, with that figure rising to 20.4 billion by 2020 – 5.7 billion of which will be in business environments.
To keep connected devices secure, businesses are advised to install the latest updates from their manufacturers and use long, complex passwords instead of the defaults.