Unsecured IoT devices pose major security risk
New research from the Ponemon Institute and risk assurance body Shared Assesments reveals a high level of concern among organizations about the security of IoT, yet a gap in understanding of how to mitigate and communicate the risks, especially as it relates to third parties.
The study of 553 individuals in industries such as financial services and healthcare reveals that 76 percent say a DDoS attack involving an unsecured IoT device is likely to occur within the next two years.
In addition, 94 percent of those surveyed say that a security incident related to unsecured IoT devices or applications could be catastrophic. 69 percent of respondents don’t keep their CEO and board informed about the effectiveness of their third party risk management program.
Only 44 percent say their organization has the ability to protect their network or enterprise systems from risky IoT devices. More worrying is that 77 percent of respondents are not considering IoT-related risks in their third party due diligence. Also 67 percent of those surveyed are not evaluating IoT security and privacy practices before engaging in a business relationship.
"More and more enterprises are turning to IoT to improve business outcomes and this growth is creating a breeding ground for cyber attacks," says Dr Larry Ponemon, chairman and founder of the Ponemon Institute. "What’s shocking about these findings is the complete disconnect between understanding the severity of what a third party security breach could mean for businesses, and the lack of preparedness and communication between departments."
You can get hold of the full report from the Shared Assesments website internet-things-iot-new-era-third-party-risk/ and there’s a summary of the findings as an infographic below.
Image credit: Jirsak / Shutterstock