Enterprise IoT firmware typically integrates upwards of 300 open-source software (OSS) projects. This means the firmware contains not only the manufacturer’s bugs, but all the bugs that are in the OSS. These software connections create an unprecedented attack surface.
Dellfer for Consumer IoT
Dellfer takes a unique approach to protect enterprise IoT devices, such as office equipment, climate controls, occupancy sensors, and security systems. Conceptually, it is simple. Dellfer essentially takes a fingerprint of the software used to run an IoT device, then sets up detection mechanisms that trigger defenses if any changes appear. For instance, if malware is injected into the software, Dellfer detects it and quarantines it. Or, if the software is altered to behave differently, Dellfer identifies the source of the issue and neutralizes it.
Declining IoT Security
According to the Unit 42 IoT Threat Report:
“We found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.”
Scope of IoT Devices
According to Adam Weinberg, Security Boulevard:
“By the end of 2020, of the 21.7 billion active connected devices worldwide, over 50% were Internet of Things (IoT) device connections. By 2025, there will be more than 30 billion IoT connections. That’s almost 4 IoT devices per person on average.”
Enterprise IoT by the Numbers
- 86% of enterprise IoT devices have security findings rated as critical
- 69% of enterprises have more IoT devices on their networks than computers.
- 700% increase in malware attacks aimed at IoT devices over pre-pandemic numbers
- 5 billion attacks against IoT devices during the first half of 2021
Enterprise Connected Devices
Enterprise connected device firmware typically integrates and stitches together many open-source software (OSS) projects—sometimes upwards of 300!—which means the firmware contains not only the manufacturers bugs, but all the bugs that are in open, third-party components. Not every connected device will be operating the latest and greatest code from the manufacturer; a zero-day mitigation strategy is critical to maintaining a device’s trustworthiness.
CISA'S Top Routinely Exploited CWE in 2020
Hackers Prefer Enterprise Connected Devices
Deeper, Disturbing Trend
How much are threat actors paying for zero-day exploits?
Are you Protected from Cyberattacks?
The rogue authoritarian regime, North Korea, has used cybercrimes to evade sanctions. Cyberattacks accounted for an estimated 2.77% of the country’s GDP in 2019. The regime raised $2,000,000,000 from cyberattacks for 2016 and 2019, according to a United Nations Security Council Sanctions Committee report.
Global cybercrimes are estimated to reach $6,000,000,000,000 ($6T) by the end of 2021, this greater than the global illicit drug crime market. Cybercrime is expected to continue to grow 15% annually, reaching $10,000,000,000,000 ($10T) by 2025. The average NFL player’s salary is $860,000. In contrast, a cybercriminal with little risk of head injuries, can earn a $2,000,000 salary.