Cybersecurity Insiders: Endpoint, IoT Cyberattacks Plaguing Businesses

The threat has grown significantly due to work-from-home mandates.

Edward Gately, Senior News Editor

October 6, 2020

3 Min Read
IoT security
In the recently published “AlienVault Open Threat Exchange (OTX) Trends Report,” an IoT exploit, or attack that takes advantage of a vulnerability, has emerged among the most-seen exploits. In a recent Gartner survey, almost 20 percent of organizations observed at least one IoT-based attack in the past three years. No surprise that the research company predicts that IoT security spending is poised to reach $1.5 billion in 2018, up 28 percent from 2017 spending of $1.2 billion, and by 2021 security spending is forecast to reach $3.1 billion, including endpoint security, gateway security and professional services. IoT security threats and risks are a very big deal. “In security today, we utilize firewalls and we utilize endpoint software — we’re protecting every endpoint because that’s the logical thing to do,” said Rick Beckers, president and CEO of CloudTech1. “In reality, what we need to do, in general, for the public internet and private networks, is to protect it holistically and at multiple intervals and make it so that it’s not something that we have to install, and therefore maintain at every point of attack.” Beckers’ contends that AI is the next wave to help solve challenges and will do it at the protocol level. “Also, cloud security, which is also out there as a whisper in the channel,” he said, referring to the cloud having its own defense built into it.Shutterstock

A new Cybersecurity Insiders report shows endpoint and IoT cyberattacks increased in the past year and we can expect more in the year ahead.

The report was produced by Cybersecurity Insiders and sponsored by Pulse Secure. It polled 325 IT and cybersecurity decision makers in the United States. They represent a cross-section of organizations from financial services, health care and technology, to government and energy.

Seventy-two percent of organizations saw an increase in endpoint and IoT security incidents in the last year. And 56% expect an endpoint or IoT-originated attack with the next 12 months.

The top three issues are related to malware (78%), insecure network and remote access (61%), and compromised credentials (58%). More than 40% of respondents expressed “moderate to unlikely means to discover, identify and respond to unknown, unmanaged or insecure devices accessing network and cloud resources.”

Clear and Present Escalation

Scott Gordon is Pulse Secure‘s chief marketing officer. The findings show a “clear and present escalation of threats,” he said.

The threat has grown significantly due to work-from-home mandates. But organizations are responding quickly and effectively to this new reality, he noted.


Pulse Secure’s Gordon Scott

“Many organizations have accelerated their zero-trust initiatives to address their lack of visibility and policy enforcement issues,” Gordon said. “Validating endpoints’ security postures and extending multifactor authentication are some of the key methods for improving an organization’s security posture.”

With many new endpoints in many new locations, a zero-trust model for security brings an adaptive and context-based approach, Gordon said. It minimizes the gaps in organizations’ security policies.

The Cybersecurity Insiders research found 41% will implement or advance on-premises device security enforcement (NAC). Thirty-five percent will advance their remote access devices checking. And 22% will advance their IoT device identification and monitoring capabilities.

For those victimized by an endpoint or IoT security issue, the most significant negative impact was a reported loss of user and IT productivity, followed by system downtime.

MSSPs Can Help

The Cybersecurity Insider report said the biggest endpoint and IoT security challenges are insufficient protection against the latest threats; high complexity of deployment and operations; and inability to enforce endpoint and IoT device access/usage policy.

The most critical capabilities include monitoring for malicious or anomalous activity, locking or isolating unknown or at-risk endpoint and IoT devices’ network access, and blocking at-risk devices’ access to network or cloud resources.

Most organizations plan to invest more in secure remote worker access and endpoint security technology in the year ahead.

MSSPs and other cybersecurity providers have an opportunity to bring user-friendly, comprehensive solutions that avoid complex deployment and operational requirements, and that aren’t cost prohibitive,” Gordon said. “A solution that provides a user-friendly experience minimizes the tickets the already stretched-thin IT team has to manage. A solution that provides adaptive and holistic policy management across all people, devices and locations gives the IT team the ability to effectively manage an ever-changing landscape of access points to their organization’s data.”

“The diversity of users, devices, networks and threats continue to grow,” said Holger Schulze, Cybersecurity Insiders’ CEO and founder. “New zero-rust security controls can fortify dynamic device discovery, verification, tracking, remediation and access enforcement.”

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like