The potential of connected devices to create damage, injury and mayhem is an ongoing security concern. But so far, the Internet of Things is not being linked, in a significant way, to security problems, says a new study.
Verizon, in its just-released annual report of report of cyber incidents, identifies phishing as the major problem. Of the over 65,200 incidents it gathered data about, about 3,250 resulted in a breach, or confirmed disclosure of data to a third party. (In Verizon's parlance, a security 'incident' falls short of a breach.)
A major problem remains phishing, where typically an email with a malicious attachment or link is used to entrap a victim. There were about 9,500 reported incidents, with just over 900 reports of confirmed data disclosure. The main perpetrators of these attacks are organized crime syndicates (89%) and state-affiliated actors (9%), it said.
Humans remain the weakest security link. In looking at phishing activity, the report wryly points out that "the communication between the criminal and the victim is much more effective than the communication between employees and security staff."
It recommended improving email filtering and awareness training, and developing a means to protect the rest of the network from employee mistakes.
The IoT has been identified as a potential security threat on a number of levels. Internet-connected devices can act as spyware, collecting voice, video or just usage data for unauthorized uses. And then there are James Bond-type breaches, where nefarious parties control machines, industrial settings, motor vehicles, drones and any connected devices.
But in terms of the IoT-connected problem, the Verizon report didn't turn up issues. "We still do not have significant real-world data on these technologies as the vector of attack to organizations," it said of the IoT.
