Smaller companies have a better handle on how many IoT devices are on their networks.
Smaller companies have a better handle on how many IoT devices are on their networks.

When it comes to Internet of Things (IoT) security, size really does matter, though bigger isn't necessarily better – as it turns out small and medium sized enterprises (SMEs) are better prepared to handle the threats posed by IoT.

SMEs may not have the resources of their larger peers but they're training them on identifying threats and determining the potential dangers connected devices pose, according to a study of 950 professionals conducted by Pwnie Express.

“It is a bit counterintuitive, because large companies have the finances and the people to secure their connected devices and critical infrastructure, but smaller operations are doing more with less,” said Pwnie Express CEO Paul Paget. “That said, it is clear that the introduction of IoT into the enterprise is challenging the status quo of IT security across the board.”

The “Is Bigger Better” study found that 41 percent of security pros in larger companies – those with more than 1,000 employees – didn't know the types of attacks launched against their IoT devices over the last year compared to 25 percent of their counterparts at SMEs.

Smaller companies have a better fix on the number of devices on their networks – 62 percent of the SMEs versus 47 percent of larger companies – as well as how many employees own (SMEs at 39 percent edged out larger enterprises who weighed in at 25 percent).

“It's one thing to say you are ready, but we believe you can't really be ready if you don't know what connected devices are coming into your office,” said Paget. The research also found that smaller companies were better (at 64 percent) at checking for malicious infections during the month prior to the study – in comparison 55 percent of the security pros at bigger companies had done similar checks.

The larger organizations (20 percent) were less likely to have checked the wireless Have checked wireless devices employees bring into the office in the last month (33 percent of the IT security professionals at SMEs had, while just 20 percent of the employees at large organizations made the same checks).

“The research shows enterprises have a lot of work to do. Large organizations would benefit from thinking more like the SMEs we saw in our research – knowing what is connected to their networks, regularly assessing the devices in their environment, and being ready to respond to IoT threats coming their way,” said Paget.

Larger organizations at 41 percent, though, had a leg up when it came to developing BYOD policies while only 25 percent of SMEs did the same. What's more, 68 percent of the pros at the bigger shops felt they were prepared to detect connected device threats, edging out those at SMEs (60 percent). Larger enterprises, too, felt better prepared to respond to threats compared to the smaller organizations (73 percent vs. 60 percent).