Small and medium-sized businesses (SMBs) are taking more steps to find potential security risks against IoT devices in the workplace than large enterprises, according to a new report.
The research of 950 IT security professionals, carried out by IT security company Pwnie Express, found that 41 percent of IT security professionals at large enterprises did not know what types of attacks had affected their IoT devices in the past year, whereas only 25 percent of SMB-based IT professionals were unaware.
The survey also found that respondents from companies with fewer than 1,000 employees were also more likely to know how many devices are connected to their networks (62 percent for SMBs compared to 47 percent for larger enterprises) and how many connected devices are owned by employees (39 percent at SMBs versus 25 percent at larger organizations).
Nearly two-thirds (64 percent) of SMBs had checked wireless devices for malicious infections in the last month, while 55 percent of IT security professionals at larger organizations had done the same.
A third of IT security professionals at SMBs had checked wireless devices that employees bring into the office in the last month, while just 20 percent of the employees at large organizations made the same checks.
BYOD security discrepancies
However, larger enterprises fared better in other areas. The survey finds that they are more likely to have Bring Your Own Device (BYOD) policies (41 percent, compared to 25 percent of SMBs); detect connected device threats (68 percent of the IT security professionals with large companies said they felt prepared, while 60 percent of SMBs said the same thing); and respond to connected device threats (73 percent of large organizations said they felt ready to respond, but at SMBs, 60 per cent of respondents said they felt the same way).
“It’s a bit counterintuitive, because large companies have the finances and the people to secure their connected devices and critical infrastructure, but smaller operations are doing more with less,” said Pwnie Express CEO Paul Paget. “That said, it is clear that the introduction of IoT into the enterprise is challenging the status quo of IT security across the board.”