Extreme Networks Study: Companies Underestimate IoT-Based Threats
While the use of IoT technologies continues to grow, many companies remain highly vulnerable to IoT-based cyberattacks. A recent study by Extreme Networks, a provider of cloud-based networking solutions, found that 84 percent of organizations use IoT devices within their corporate networks. Of these companies, 70 percent are aware of successful or planned IoT-based hacking attempts. Despite this awareness, more than half of these organizations implement no security measures beyond default passwords.
The study surveyed 540 IT professionals across various industries in North America, Europe, and the Asia-Pacific region. The findings highlight the vulnerabilities introduced by the rapid adoption of IoT technologies and reveal corporate uncertainty about how best to defend against security breaches. As a result, the threat posed by insider risks should not be underestimated.
Key Findings of the Study:
- Organizations lack confidence in their network security:
Nine out of ten IT professionals are uncertain whether their network is truly protected against attacks or vulnerabilities. IT experts in the financial services sector are the most concerned about security: 89% say they are unsure if their network is safeguarded against threats, followed by healthcare (88%) and the services sector (86%). In contrast, professionals in education and government organizations are comparatively less concerned about their networks being targeted.
- Companies underestimate insider threats:
55% of IT professionals believe the biggest security risk comes from outside the organization, and over 70% assume they have full visibility of all devices on their network. However, according to the Verizon Data Breach Investigation Report 2019, insider actions or misuse of privileges were the most common cause of security incidents in 2019 and one of the top three causes of data breaches.
- Europe matches North America in IoT adoption:
83% of organizations in the EMEA region now use IoT, compared to 85% in North America, where companies adopted the technology earlier. Higher IoT penetration across all regions leads to a rapid expansion of the potential attack surface.
- Network Access Control (NAC) deployments often fail due to lack of expertise and high complexity:
NAC is critical for protecting networks from vulnerable IoT devices. Yet, one-third of all NAC deployment projects fail. The main reasons for failed implementations include a lack of qualified IT staff (37%), high maintenance costs or effort (29%), and implementation complexity (19%).
- Growing acceptance of SaaS-based (Software-as-a-Service) networks:
72% of IT professionals want network access to be managed from the cloud. This supports the 650 Group’s prediction that more than half of enterprise networking systems will transition to SaaS-based networks by the end of 2023.
Extreme Networks offers the multilayered security features required in today’s enterprises – from wireless and IoT edge to data centers – including role-based access control, network segmentation and isolation, application telemetry, real-time IoT monitoring, and automated compliance. As countless business systems continue migrating to the cloud, cloud security becomes increasingly critical. Extreme Networks’ security solutions evolve alongside expanding network environments to protect enterprise infrastructures both on-premises and in the cloud.
David Coleman, Director of Product Marketing at Extreme Networks, comments on the findings:
“The adoption of IoT in enterprises, along with the rapid growth of cloud and edge computing solutions, is massively expanding the attack surface for organizations. But the greatest threat to cybersecurity is inaction. The study results show that IT professionals across industries lack confidence in their own network security. Yet, many organizations still rely on the same outdated security tools they’ve used for decades. It’s crucial for businesses to adopt multilayered network security solutions specifically designed for modern, hybrid enterprises.”
Key Facts
Cloud security incidents: 45 percent of data breaches involve cloud environments.
Misconfigurations: 80 percent of cloud security incidents are caused by misconfigurations.
Frequently Asked Questions
Why are IoT devices particularly vulnerable to cyberattacks?
Many IoT devices have limited computing power for security functions, use default passwords, rarely receive firmware updates, and are often invisible to security monitoring. Additionally, basic encryption and authentication are frequently missing.
How can a corporate network be protected from IoT risks?
Implement network segmentation (placing IoT devices into separate VLANs), perform regular firmware updates, change all default passwords, monitor IoT traffic, and maintain an up-to-date inventory of all connected devices.
What does the Cyber Resilience Act require from IoT manufacturers?
Starting in 2027, all manufacturers of connected products in the EU must ensure security by design, report vulnerabilities, and provide security updates throughout the product’s entire lifecycle. Violations could result in fines of up to 15 million euros.
Related Articles
More from the MBF Media Network
Header Image Source: iStock / metamorworks
Fact: According to the Allianz Risk Barometer 2025, cyberattacks are the top global business risk.
Fact: Only 15 percent of IoT manufacturers implement basic security standards as defined by OWASP.
TL;DR
- A recent study by Extreme Networks, a provider of cloud-based networking solutions, found that 84 percent of companies use IoT devices in their corporate networks.
- Of these companies, 70 percent are aware of successful or planned IoT-based cyberattacks.
- The study surveyed 540 IT professionals across various industries in North America, Europe, and the Asia-Pacific region.
- Key findings include: Organizations lack confidence in network security – 9 out of 10 IT professionals are uncertain whether their network is truly protected against attacks or vulnerabilities.
