Enterprise Equipment

Enterprise IoT firmware typically integrates upwards of 300 open-source software (OSS) projects. This means the firmware contains not only the manufacturer’s bugs, but all the bugs that are in the OSS. These software connections create an unprecedented attack surface. 


Dellfer for Consumer IoT

Dellfer takes a unique approach to protect enterprise IoT devices, such as office equipment, climate controls, occupancy sensors, and security systems. Conceptually, it is simple. Dellfer essentially takes a fingerprint of the software used to run an IoT device, then sets up detection mechanisms that trigger defenses if any changes appear. For instance, if malware is injected into the software, Dellfer detects it and quarantines it. Or, if the software is altered to behave differently, Dellfer identifies the source of the issue and neutralizes it.

 

Declining IoT Security

According to the Unit 42 IoT Threat Report:

“We found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.”

 

Scope of IoT Devices

According to Adam Weinberg, Security Boulevard:

“By the end of 2020, of the 21.7 billion active connected devices worldwide, over 50% were Internet of Things (IoT) device connections. By 2025, there will be more than 30 billion IoT connections. That’s almost 4 IoT devices per person on average.”

 

Enterprise IoT by the Numbers

  • 86% of enterprise IoT devices have security findings rated as critical
  • 69% of enterprises have more IoT devices on their networks than computers
  • 700% increase in malware attacks aimed at IoT devices over pre-pandemic numbers
  • 5 billion attacks against IoT devices during the first half of 2021

Enterprise Connected Devices

Enterprise connected device firmware typically integrates and stitches together many open-source software (OSS) projects—sometimes upwards of 300!—which means the firmware contains not only the manufacturer’s bugs, but all the bugs that are in open, third-party components. Not every connected device will be operating the latest and greatest code from the manufacturer; a zero-day mitigation strategy is critical to maintaining a device’s trustworthiness.

Enterprise Firmware Bugs
CISA's Top Routinely Exploited CWE in 2020

Hackers Prefer Enterprise Connected Devices

The top 30 vulnerabilities routinely exploited in 2020, and the ones widely exploited thus far in 2021, have primarily targeted connected devices. The majority of the vulnerabilities allow malicious cyber actors to perform remote and arbitrary code execution – the ability for an attacker to run malware on a connected device.

Deeper, Disturbing Trend

Marketplaces for selling exploits are growing quickly. Demand, supply, and expected high ROI are fueling the Zero-Day vulnerability marketplace. Nation-state actors and criminal organizations are actively seeking, purchasing, and exploiting Zero-Day vulnerabilities. Researchers sell exploits to either fix or disclose vulnerabilities, which means that fixing exploits is becoming ever more expensive.

How much are threat actors paying for zero-day exploits?

Platform               2012           2021
Adobe Reader           $5K-$30K       $80K
Mac OSX                $20K-$50K      $50K
Android                $30K-$60K      < $2.5M
Microsoft Word         $50K-$100K     < $100K
Windows                $60K-$120K     < $1M
Chrome                 $80K-$200K     < $500K
iOS                    $100K-$200K    < $1M
Enterprise Equipment                  < $1M

Are you Protected from Cyberattacks?

The rogue authoritarian regime, North Korea, has used cybercrimes to evade sanctions. Cyberattacks accounted for an estimated 2.77% of the country’s GDP in 2019. The regime raised $2,000,000,000 from cyberattacks for 2016 and 2019, according to a United Nations Security Council Sanctions Committee report.

Global cybercrimes are estimated to reach $6,000,000,000,000 ($6T) by the end of 2021, which is greater than the global illicit drug crime market. Cybercrime is expected to continue to grow 15% annually, reaching $10,000,000,000,000 ($10T) by 2025. The average NFL player’s salary is $860,000. In contrast, a cybercriminal, with little risk of head injuries, can earn a $2,000,000 salary.
