Read Time:2 Minute, 3 Second

According to new research released by Claroty, vulnerability disclosures targeting Internet of Things (IoT) devices have grown by 57% during the first half (1H) of 2022 compared to the previous six months.

The State of XIoT Security Report: 1H 2022 discovered that vendor self-disclosures increased by 69% over the same time period. These vendors have become more prolific reporters than independent research outfits for the first time. Also, fully or partially remediated firmware vulnerabilities increased by 79%, a notable improvement given the relative challenges in patching firmware versus software vulnerabilities.

“Decades of connecting physical things to the internet has led us to a place where cyber-physical systems are now impacting our real-world experiences, from the food we eat and water we drink to the elevators we ride and medical care we receive,” Amir Preminger, vice president of research at Claroty, stated. “This study was conducted to provide decision-makers in these critical sectors with a thorough view of the XIoT vulnerability landscape, allowing them to correctly evaluate, prioritize, and address risks to mission-critical systems such as public safety, patient health, smart grids and utilities.”

The report showed that the top 10% of most exploited IoT vulnerabilities were all remotely exploitable, with an average CVSS score of 9.8. The most common attack vector among these was ‘network’ (93%), followed by ‘adjacent network’ (7%).

According to the study, 80 new vendors appeared in the 1H 2022 rankings, with 23% of all vulnerabilities attributed to them. This suggests that new IoT devices are being adopted at a rate that is outstripping the ability of mature vendors to address security issues.

“The results of this study should be a call to action for both enterprises and regulators,” Preminger continued. “We urge enterprises to take a comprehensive and risk-based approach to IoT security that includes prevention and detection capabilities and formal processes for managing vulnerabilities throughout the product lifecycle. And we urge regulators to consider mandating minimum security standards for IoT devices.”

This is a significant problem that needs to be addressed. IoT devices are becoming more and more commonplace, and as such, they are becoming increasingly attractive targets for attackers. The fact that new vendors are appearing at a rate that is outstripping the ability of mature vendors to address security issues is particularly worrying. Enterprises must take a comprehensive and risk-based approach to IoT security, and regulators must consider mandating minimum security standards for IoT devices.

About Post Author

George Walsh

george@writefuel.com
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Total
0
Shares
Share 0
Tweet 0
Pin it 0
Share 0
0 0
In,
telcos Previous post ACMA Reports That Telcos Have Successfully Blocked Millions of Scam Calls in Australia
you've been hacked Next post “Have You Been Hacked?”—the Australian Cyber Security Centre (ACSC) Has Unveiled a New Online Tool to Assist Individuals Who Have Been the Target of a Cyber Assault

More Stories