Connected devices increasingly at risk of cyber attacks

Devices connected to an enterprise network are increasingly at risk of cyberattack, according to a study by tech security firm Ordr.

Its report uncovered new pandemic-related cybersecurity challenges, including the large-scale growth of connected devices and a subsequent increased risk of security vulnerabilities. It used findings from security risk and trend analysis of data for the 12 months to June 2021 across the company’s 500+ deployments in healthcare, life sciences, retail, and manufacturing.

The number of agentless and un-agentable devices increased to 42% in this year’s report, including medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.

Ordr also discovered that popular consumer devices are often connected to the enterprise network, including Pelotons, Sonos speakers, gaming machines, Alexas and Teslas. While the usage of unsanctioned shadow IoT devices was highlighted in the same report last year, the new figures suggest that there are two times more personal devices this year, increasing the threat landscape and delivering a wealth of data for threat actors to use to profile targets.

The report also identified that about 19% of deployments had devices running outdated operating systems Windows 7 and older, and almost 34% of deployments with devices running Windows 8 and Windows 10, which are expected to end-of-life in 2023 and 2025 respectively. Among the report’s most troubling findings was the discovery that 15% of medical devices and 32% of medical imaging devices run on outdated operating systems. This is because many medical devices remain in operation for a number of years and cannot be easily replaced for cost reasons.

Greg Murphy, CEO of Ordr, said: “We found an astonishing and worrisome number of vulnerabilities and risks in connected devices, which is a crucial reminder that organisations must have comprehensive visibility as well as security for everything connecting to their networks. As the number of connected devices climbs, the number and sophistication of attacks targeting them will grow.”

The report also found that 46% of all connected devices are vulnerable to medium and high severity attacks. Top attacks included external communications to malicious URLs such as Darkside and Conti ransomware sites, followed by attacks due to vulnerable operating systems.

    Share Story:

Recent Stories

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021