A quarter of organizations say they are already using AI-based security

The more devices are connected to a network, the more potential for an attack – and according to Cisco, by 2021 there will be more than three times as many connected devices around the world as there are people.

That’s a lot of devices to protect. And in a new global research study conducted by the Ponemon Institute on behalf of HP subsidiary Aruba, more than three-quarters of respondents believe their IoT devices are not secure, with 60% saying even simple IoT devices pose a threat. Two-thirds said they have little or no ability to protect their ‘things’ from attacks.

“Securing IoT devices is particularly challenging, not only from [the] sheer numbers of devices but also because IoT devices are lightweight and often can’t be protected with traditional endpoint security,” says Larry Lunetta, vice president of marketing at Aruba.

The prevalence of non-traditional attack vectors is why cybersecurity professionals are increasingly turning to artificial intelligence (AI) and machine learning (ML) to close the security gap and protect data and other high-value assets.

The Ponemon study found that a quarter of organizations are using some sort of AI-based security solution, with another quarter saying they plan to introduce one in the next 12 months.

Most agree that they can reduce false alerts and increase their team’s effectiveness by using AI to improve the speed with which they can discover and respond to attacks that have evaded perimeter defence systems.

“Technologies such as ML and behavioural analytics are essential to detecting attacks on the inside before they do damage,” the researchers said. “The most beneficial aspect of automation is reducing the amount of time and effort required to investigate an alert.”

It’s perhaps unsurprising that security professionals are taking IoT risks so seriously. During the first half of this year alone, Kaspersky researchers uncovered three times as many malware samples attacking IoT devices as in the whole of 2017.

One of the most popular attack and infection vectors against devices was cracking Telnet passwords, while, when it came to downloading malware onto IoT devices, the Mirai family of malware was top choice.

“Malware for smart devices is increasing not only in quantity, but also quality,” the researchers say. And they call out manufacturers for not doing more.”

They added: “There are no reminders to change the default password during initial setup or notifications about the release of new firmware versions, and the updating process itself can be complex for the average user.”

RELATED Risky business: Navigating the murky waters of cyber insurance