SMBs Largely Unprepared for IoT, Ransomware Attacks

SMBs Largely Unprepared for IoT, Ransomware Attacks

At the intersection of the internet of things (IoT) and ransomware lies a disturbing reality: Small- and medium-sized businesses are critically unprepared for an attack in this arena; and, nearly half of them would pay a ransom on connected things to reclaim their data.

That’s according to Arctic Wolf, which found that 45% of participants in a recent survey claim they are likely to pay up. It also found that 13% of SMBs (one in eight) have experienced an IoT-based attack already.

The study, which surveyed 300 individuals responsible for the IT or security functions inside companies with between 200 to 3,000 employees, also discovered that the most impacted industry so far is transportation, with 29% of companies indicating they have already experienced an IoT attack. Companies in the energy, construction and technology industries have also been ongoing targets.

Unfortunately, many still are not taking the necessary security measures. According to the research, SMBs are woefully unprepared for new cyber threats and most still struggle with security basics: For instance, nearly 70% of respondents do not have a formal incident response plan. Most (80%) don’t have products to protect against zero-day threats, and over half (62%) do not conduct log analysis.

The survey showed that despite the lack of precautionary measures, SMBs have embraced IoT, with more than 80% indicating that IoT functionality is a plus when buying devices. Also, organizations are well aware of the threat, with over 70% of respondents expressing concern about an IoT-based ransomware attack.

“The next chapter in the story will raise the stakes with possible attacks on medical devices, electric grids and transportation systems, which could cause the loss of life,” said Brian NeSmith, CEO and co-founder of Arctic Wolf. “Companies not spending millions of dollars on security will be at a severe disadvantage fending off criminals who are organized, well-funded and very sophisticated in their methods.”

The report found that the targets of greatest concern for attack are computer hardware and systems, followed by key locks, industrial control systems and printers/scanners.

Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit

Source: Information Security Magazine