- As more industries, including healthcare, continue to implement connected devices in critical infrastructure segments, there will likely be an increase in Industrial Internet of Things (IIoT) cybersecurity attacks, according to a recent Tripwire survey.
The majority of surveyed IT security professionals – 96 percent – reported that they expect to see an increase in IIoT security attacks in 2017. However, 51 percent admitted that they “do not feel prepared for security attacks that abuse, exploit, or maliciously leverage insecure IIoT devices.”
“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” Tripwire Chief Technology Officer David Meltzer said in a statement. “There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.”
The survey was commissioned by Dimensional Research, and included the responses from approximately 400 individuals who “had responsibility for IT security as a significant part of their job.”
Sixty-four percent of those surveyed added that IIoT attacks are becoming more popular among hackers, which is why it is more necessary to protect against those types of attacks.
Even so, the majority of respondents – 90 percent – said that they expect IIoT deployments to increase, while 94 percent said IIoT will likely increase their organization’s risk and vulnerability.
This sentiment held true for both large and small companies. Ninety-six percent of larger companies said they expect a significant increase in risk from IIoT use, and 93 percent of smaller companies felt the same.
IDC Security Research Manager Robert Westervelt explained that it’s essential for organizations utilizing IIoT to understand the new threats that could affect their critical operations.
“Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” Westervelt said in a statement. “The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example - cyber attacks could disrupt power supply for communities and potentially have impact to life and safety.”
A Redspin report from February 2017 also found that healthcare will likely continue to suffer from an increasing amount of cybersecurity attacks.
Redspin’s Breach Report 2016: Protected Health Information (PHI) found that healthcare cybersecurity attacks – data breaches stemming from hackers specifically – increased 320 percent from 2015 to 2016. The report showed that 96 healthcare providers reported PHI breaches of greater than 500 records due to hacking/IT incidents, an increase of 320 percent over 2015.
Furthermore, 81 percent of the breached records last year came from hacking attacks.
“Healthcare providers have become the primary targets of malicious hackers, and their attacks are becoming increasingly sophisticated and disruptive to operations,” CynergisTek Vice President Dan Berger said in a statement. “The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond.”
Redspin also explained that there was a year-over-year increase of 181 percent in the total number of health records breached in provider hacking attacks.
In total, there were 9,503,161 patient records affected in a healthcare data breach, stemming from a hacking attack, in 2016. There were 5,249,675 patient records affected in the same type of incident for 2015.