Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/20/2020
08:00 AM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

7 Out of 10 Organizations Have Seen Hacking Attempts via IoT

New global survey from Extreme Networks reveals security precautions are falling flat and businesses underestimate the pervasiveness of insider threats.

SAN JOSE, Calif., Feb. 19, 2020 ― New data from Extreme Networks, Inc. (Nasdaq: EXTR), a cloud-driven networking company, reveals that IoT is barreling toward the enterprise, but organizations remain highly vulnerable to IoT-based attacks. The report, which surveyed 540 IT professionals across industries in North America, Europe, and Asia Pacific, found that 84% of organizations have IoT devices on their corporate networks. Of those organizations, 70% are aware of successful or attempted hacks, yet more than half do not use security measures beyond default passwords. The results underscore the vulnerabilities that emerge from a fast-expanding attack surface and enterprises’ uncertainty in how to best defend themselves against breaches.

Key findings include:

  • Organizations lack confidence in their network security: 9 out of 10 IT professionals are not confident that their network is secured against attacks or breaches. Financial services IT professionals are the most concerned about security, with 89% saying they are not confident their networks are secured against breaches. This is followed by the healthcare industry (88% not confident), then professional services (86% not confident). Education and government are the least concerned of any sector about their network being a target for attack.
  • Enterprises underestimate insider threats: 55% of IT professionals believe the main risk of breaches comes mostly from outside the organization and over 70% believe they have complete visibility into the devices on the network. But according to Verizon’s 2019 Data Breach Investigations Report, insider and privilege misuse was the top security incident pattern of 2019, and among the top three causes of breaches. 
  • Europe’s IoT adoption catches up to North America: 83% of organizations in EMEA are now deploying IoT, compared to 85% in North America, which was an early adopter. Greater IoT adoption across geographies is quickly expanding the attack surface.
  • Skills shortage and implementation complexity cause NAC deployments to fail: NAC is critical to protect networks from vulnerable IoT devices, yet a third of all NAC deployment projects fail. The top reasons for unsuccessful NAC implementations are a lack of qualified IT personnel (37%), too much maintenance cost/effort (29%), and implementation complexity (19%).
  • SaaS-based networking adoption grows: 72% of IT professionals want network access to be controlled from the cloud. This validates 650 Group’s prediction that more than half of enterprise network systems will transition to SaaS-based networking by the end of 2023.

Extreme provides the multi-layered security capabilities that modern enterprises demand, from the wireless and IoT edge to the data center, including role-based access control, network segmentation and isolation, application telemetry, real-time monitoring of IoT, and compliance automation. As the mass migration of business systems to the cloud continues, cloud security becomes ever more important. Extreme’s security solutions extend in lockstep with the expanding network perimeter to harden enterprises’ environments both on-premises and in the cloud.

The State of Network Security in 2020 Webinar

Join us on Tuesday, March 3 at 2pm ET for a round-up of the top network threats for the year, and new approaches that can help you advance in the fight for a safer network. Register here...

Executive Perspective

David Coleman, Director of Product Marketing, Extreme Networks

"Enterprise adoption of IoT, coupled with the fast rise of cloud and edge computing, is massively expanding the attack surface. But the single greatest cybersecurity threat today is inertia. This data shows that across sectors, IT professionals are not confident in their own network security. Yet so many organizations still rely on the same legacy security tools they’ve been using for decades. It’s critical for enterprises to demand multi-layered network security solutions purpose-built for the modern, hybrid enterprise."

Additional Resources

About Extreme Networks

Extreme Networks, Inc. (EXTR) is the industry’s first cloud-driven, end-to-end enterprise networking company. Our best-of-breed technology solutions, from the wireless and IoT edge to the data center, are flexible, agile, and secure to accelerate the digital transformation of our customers and provide them with the fastest path to the autonomous enterprise. Our 100% in-sourced services and support are number one in the industry. Even with 50,000 customers globally, including half of the Fortune 50 and some of the world's leading names in business, hospitality, retail, transportation and logistics, education, government, healthcare, and manufacturing, we remain nimble and responsive to ensure customer and partner success. We call this Customer-Driven Networking™. Founded in 1996, Extreme is headquartered in San Jose, California. For more information, visit Extreme's website or call 1-888-257-3000.

Extreme Networks the Extreme Networks logo, Extreme Elements, Extreme Fabric Connect and ExtremeControl and ExtremeCloud are either trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries.

###

 
Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVE-2020-15008
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...