May 16, 2018

Companies fail to run devices by cybersecurity staff

An internet connected refridgerator

A Samsung internet-connected refridgerator debuting at the 2016 CES expo. Photo: Alex Wong/Getty Images

An unscientific survey released today from the cybersecurity firm Pwnie Express suggests as few as 31% of companies involve their cybersecurity personnel in all device purchases.

Why it matters: Devices can range from medical equipment to manufacturing robots, to internet connected coffee makers. All of them can be involved cyber attacks. A poorly secured internet-connected toaster can provide a foothold for an attacker, while attackers could down a poorly secured industrial system and shut down an assembly line.

By the numbers: In the survey of roughly 600 cybersecurity professionals, only 31% said they were clear "all device purchases had to be cleared with security personnel."

  • The majority, 61%, said the opposite, with 8% saying they did not know.

Details: The data was reported in Pwnie Express's annual Internet of Evil Things report. The 600 respondents were not normalized for their companies size or industry — there may, for example, have been too many small health care firms or large automakers — but still provide a rough estimate of the issues in play.

Go deeper