theDocumentId => 1341430 Armis Data Highlights Need for Enterprise Security ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/29/2021
11:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Armis Data Highlights Need for Enterprise Security as End Users Lack Awareness of Major Cyberattacks

PALO ALTO, Calif., June 29, 2021 (GLOBE NEWSWIRE) -- Armis, the leading unified asset visibility and security platform provider, today released new data uncovering the lack of knowledge and general awareness of major cyberattacks on critical infrastructure and an understanding of security hygiene. The survey of over 2,000 respondents from across the United States found that end users are not paying attention to the major cybersecurity attacks plaguing operational technology and critical infrastructure across the country, signaling the importance of businesses prioritizing a focus on security as employees return to the office. In the past year, 65,000 ransomware attacks occurred in the United States. In other words, approximately 7 attacks per hour, a rate that is expected to continue to rise. As the U.S. looks at its vulnerable industries, the responsibility is falling on businesses to ensure that they are keeping the organization and employees safe and secure.

From the Colonial Pipeline attack shutting down services, to the Florida Water Facility hack endangering the water supply, to the ransomware attack on JBS, which could raise meat prices and also restrict access to necessary nutrients in developing countries — the impact of cyber attacks on our critical infrastructure has been evident. We’ve also seen ransomware hit healthcare in a major way, with attacks on Scripps Health's technology systems and a chain of Las Vegas hospitals. Despite the spotlight on these attacks, the data shows that many consumers are simply not taking notice — and the responsibility of security falls on the businesses themselves.

As the risk of attack continues to rise, and businesses move toward a hybrid in-office/work from home model, it is imperative that businesses are considering security and ensuring the proper policies and protections are in place. Thinking critically about security early on, and weaving it into your company’s everyday practices, can be the difference-maker as employees return to the office.

“The attacks on our critical infrastructure are clear evidence of the need for cybersecurity and assurance to all our utility providers and players,” said Curtis Simpson, CISO at Armis. “It is also an unfortunate example of the huge vulnerability of an aging infrastructure that has been connected, directly or indirectly, to the internet. Organizations must be able to know what they have, track behavior, identify threats, and immediately take action to protect the safety and security of their operations. This data shows that there is less consumer attention on these attacks as we might expect, and so that responsibility falls to businesses to shore up their defenses.”

Key Findings of the Survey include:

  • Education and Awareness Of Cyberattacks Is Still Lacking: Despite these major attacks making headlines on the national stage, respondents showed a lack of awareness of these attacks and their impact on consumers and businesses. Over 21% of respondents have not even heard about the cyberattack on the largest U.S. fuel pipeline, and almost half (45%) of working Americans did not hear about the attempted tampering of Florida’s water supply.

  • The Severity Of The Attacks Is Not Sticking: Despite the complete shutdown of the Colonial Pipeline following the attack, and the halting of production at JBS, consumers don’t see the lasting effects of these attacks. 24% of respondents believe that the Colonial Pipeline attack will not have any long-lasting effects on the U.S. fuel industry.

  • Healthcare Could be The Next Frontier For Hackers: According to a commissioned study conducted by Forrester Consulting on behalf of Armis, 63% of healthcare delivery organizations have experienced a security incident related to unmanaged and IoT devices over the past two years. Yet today’s data shows that when it comes to device security, over 60% of healthcare employees believe that their personal devices do not pose any security threat to their organization. What’s more, 26% said that their companies do not have any policies in place to secure both work and personal devices.

  • Employees are Putting Businesses at Risk Through Devices: As COVID restrictions begin to lighten, enterprises are starting to talk about the return to the office, but as we go back, businesses need to be thinking about overall enterprise security, especially as employees have expressed their intention to continue some potentially risky habits. The data shows that over 71% of employees intend to bring their WFH devices back to the office, with over 82% of that group being IT professionals, whose main job function is to ensure the security of the organization. Despite the risks prevalent, 54% don’t believe their personal devices pose any security risk/threat to their organization.

Additional Resources

  • Join the conversation with Armis on LinkedIn and Twitter
  • Visit Armis.com to get more insights on our agentless device security platform
  • Request a demo of the Armis agentless device security platform
  • Apply to become an Armis partner

Methodology
Censuswide conducted the survey on behalf of Armis of more than 2,000 professionals in various industries from across the United States in May 2021.

About Armis
Armis is the leading unified asset visibility and security platform designed to address the new threat landscape that connected devices create. Fortune 1000 companies trust our real-time and continuous protection to see with full context all managed, unmanaged, and IoT devices, including medical devices (IoMT), operational technology (OT) and industrial control systems (ICS). Armis provides passive and unparalleled cybersecurity asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in Palo Alto, California.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.