Cybersecurity Ventures estimates that ransomware will attack businesses every 14 seconds by the end of 2019, up from every 40 seconds in 2016. That figure doesn’t even begin to touch attacks on individuals, which occur more frequently than businesses. Even more telling, ransomware is estimated to cost $11.5 billion annually in 2019.
In addition to ransomware, traditional malware continues to be a growing threat. According to Panda Security, some 230,000 new malware samples are created every day. Yet, according to reports, when a breach does occur it takes organizations an average of 197 days to detect it.
In spite of the state of cybersecurity threats, a recent study (PDF press release) sponsored by nCipher Security, and conducted by Ponemon Institute, found that enterprises are leaving themselves vulnerable to cybersecurity threats. Encryption for IoT devices, as well as platforms and data, was only at 28 and 25 percent respectively.
On the plus side, many organizations are relying heavily on public key infrastructure (PKI)—the software, hardware, rules and policies used to manage public-key encryption and digital certificates—to help secure their operations.
“PKI use is evolving as organizations address digital transformation across their enterprises. In addition to IoT, more than 40% of our respondents also cited cloud and mobile initiatives as driving PKI use,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Clearly, the rapid growth of the IoT is having a huge impact on the use of PKI, as organizations realize that PKI provides core authentication technology for connected devices. For organizations to gain full advantage of their digital initiatives, they must continue to improve the security maturity of their PKIs.”
In spite of this, however, many organizations are running into barriers—both technical and organizational—to successful PKI deployment. This is especially true when upgrading legacy applications, where 46 percent listed issues. In addition, 45 percent cited insufficient skills as an issue, while 38 percent cited limited resources as problem. Even more disturbing, some 30 percent of organizations are not using any certificate revocation techniques.
“The scale of IoT vulnerability is staggering – IDC recently forecasted that there will be 41.6B connected IoT devices by 2025, generating 79.4 zettabytes of data,” said John Grimm, senior director of strategy and business development at nCipher Security. “There is no point in collecting and analyzing IoT-generated data, and making business decisions based upon it, if we cannot trust the security of devices or their data. Building trust starts with prioritizing security practices that counter the top IoT threats, and ensuring authenticity and integrity throughout the IoT ecosystem.”
Download the full study here.