IoT devices are increasingly the targets that hackers are using to attempt to compromise networks, according to a new IoT security report from cloud networking company Extreme Networks, Inc.

According to the Extreme Networks research, 84% of organizations have IoT devices on their corporate networks, while 70% are aware of successful or attempted hacks. Yet more than half do not use security measures beyond default passwords.

Among Extreme Networks’ other findings:

• Organizations aren’t confident in their network security, with nine out of 10 IT professionals not confident that their network is secured against attacks or breaches. Financial services IT professionals are the most concerned about security, with 89% saying they are not confident their networks are secured against breaches. This is followed by the healthcare industry (88% not confident), then professional services (86% not confident). Education and government are the least concerned of any sector about their network being a target for attack.
• Enterprises underestimate insider threats: 55% of IT professionals believe the main risk of breaches comes mostly from outside the organization and over 70% believe they have complete visibility into the devices on the network. But according to Verizon’s 2019 Data Breach Investigations Report, insider and privilege misuse was the top security incident pattern of 2019, and among the top three causes of breaches.
• Eight-three percent of organizations in EMEA are now deploying IoT, compared to 85% in North America, which was an early adopter. Greater IoT adoption across geographies is quickly expanding the attack surface.

“Enterprise adoption of IoT, coupled with the fast rise of cloud and edge computing, is massively expanding the attack surface,” said David Coleman, Extreme Networks director of product marketing, in a prepared statement.  “But the single greatest cybersecurity threat today is inertia. This data shows that across sectors, IT professionals are not confident in their own network security. Yet so many organizations still rely on the same legacy security tools they’ve been using for decades. It’s critical for enterprises to demand multi-layered network security solutions purpose-built for the modern, hybrid enterprise.”