Most IoT Devices Are Vulnerable To Exploitation: Wipro

by CXOtoday News Desk    Jun 16, 2017

data stolen

Majority of the Internet of Things or IoT devices including those in the security category too are vulnerable to exploitation, according to a report by Wipro, which has warned that CISOs will be required to keep track of vulnerabilities in the security products themselves. The study found that 2016 saw an alarming (53.6 percent) increase in the number of records stolen across the globe as opposed to 2015.

Data breaches once made public, resulted immediately in high peaking of negative sentiments on social media against the enterprise concerned, indicates the post facto twitter sentiment analysis. 56 percent of breaches reported had user credentials (passwords) as part of the types of data stolen, implying that further damage could be perpetrated using the stolen data.

Wipro has launched the ‘State of Cybersecurity Report, 2017’ which highlights the macro, micro and meso environmental trends in cybersecurity in 2016 and imminent disruptions that can affect future trends.

Another finding of the report highlights that at 33.3 percent, angler was the most observed exploit kit. Angler, RIG, Nuclear were some of the most common types of exploit kits used by cyber criminals.  

The report further said, the Cyber Defence Center (CDC) data analysis points out that 56 percent of all the malware attacks that have taken place in 2016 were a result of Trojans. Likewise, viruses and worms accounted for 19 percent and 20 percent respectively. Other types of malware threat categories like PUA, adware and ransomware, together, though accounted for only 4 percent of attacks, often can lead to significant damages.

Interestingly, emergence of new Internet of Everything “surfaces” like connected cameras, cars, health and industrial automation devices prove to be a great launch pad for the “hacking for hire” industry. The emerging IoT devices come with a low memory and processing footprint and usually accommodate very little security capabilities including patching. Such devices, once “online” with an IP address, are easy prey for sophisticated hacking syndicates. These syndicates can develop custom malware to take control of IoT devices en masse and use them as a launch pad for cyber-attacks.

The report notes that the responsibility for governance of data privacy is still highly centralized, lying with either the CIO, CISO or CPO for 71percent of organizations. Managing privileged access to data was ranked as the highest control amongst data security controls.


“Cyber security is becoming a top priority for businesses. It has become very critical to identify risks near real-time and empower stakeholders to take actions and decisions based on priority. The report highlights crucial findings on attacks, vulnerabilities and cyber defence that are useful for teams across cybersecurity strategy, operations and risk management,” said Sheetal Mehta, Vice President and Global Head, Cybersecurity & Risk Services, Wipro Limited.