Report: Most companies are not aware of third-party IoT security measures

1641473191 Report Most companies are not aware of third party IoT security

Only 37% of “high-performing” organizations monitor the risk of IoT devices used by third parties, and conventional IoT risk management programs cannot keep up with it, a study found.

Image: Getty Images / iStockphoto

Most organizations are unaware of what it means to track and protect third-party Internet of Things (IoT) vendors, according to the fourth annual IoT survey by the Ponemon Institute and Shared Assessments. The report provided new insights into the increasing use of IoT devices across supply chains and the impending risk.

Professionals with key roles in their organization's third party risk management (TPRM) were surveyed, giving us an insight into the state and "mental set" of business in relation to TPRM.

SEE: Research: Why IoT business usage is growing (Premium TechRepublic)


    Development needed

    It is also abundantly clear that there is a “real need for the development of IoT risk management,” as an organization 's current IoT risk management programs run the growing risks. Only 37% monitor third-party IoT disclosure, and 61% predicted IoT-related data loss.

    SEE: Inside UPS: The Logistics Company's Unlimited Digital Transformation (Free PDF) (TechRepublic)

    “Many of the top performers in this year’s survey still have a long way to go to reach the level of IoT security hygiene we’d all like to see,” said Gary Roboff, senior consultant, Santa Fe Group, Co. -shared.

    The report emphasized the urgent need to increase accountability, authority and communication within the company, and in particular, those in charge of their TPRM division.

    pre-engaging-third-party evaluation.jpg

    Image: Ponemon / Shared Reviews

    Small but significant changes in four years

    The report, New Roadmap for Third Party IoT Risk Management, offered a table outlining the differences between 2017, 2018, 2019, and 2020 in IoT and TPRM, and this year certainly show increase. The responses indicated that “The rise in IoT poses a significant third party risk to my organization” 71% in agreement for 2020, with 68% for 2019, and 66% for 2018 (figures not available for 2017 ).

    A large number of organizations agreed that "it is not possible to determine whether third-party safeguards and IoT security policies are sufficient to prevent data breaches," and the results were 59% in 2020, 55% in 2019, 58% in 2018 and 56% in 2017.

    • Exacerbating the problem, the report found that the problem is exacerbated by:
    • Significant expansion in IoT devices
    • Lack of a central IoT risk management program
    • Lack of supreme authority involvement
    READ  Infosec4TC offers over 90 security courses to train you in all aspects of cyber security
    third-party protection.png

    Image: Ponemon / Shared Reviews

    Even the highest performing organizations need to increase IoT risk management capabilities, with around 25% saying that those higher performing businesses are “significantly more likely to implement key risk management practices and implementation of IoT deployment. ”

    Research is naturally suited to being able to focus on risk management challenges within an increasingly complex IoT ecosystem.

    IoT growth will continue

    Respondents expect the number of IoT devices they rely on to double in the next year or two, even though the majority of respondents said that insecure IoT devices have grown more likely to “have a significant impact”. However, nearly six in 10 admit that they do not know whether their third - party controls can actively respond to their needs.

    With the growing number of IoT devices, access to sensitive group sensitive data is more likely, and as a result, IoT risk management is going to be a “very complex” endeavor. And so many IoT devices could carry out distributed denial of service (DDoS) attacks that add even more urgency to the timeline for risk mitigation.

    Find out what kind of security your company has

    There is a lack of common sense or appropriate tools to tell which IoT device has adequate security, and just how many crashes and cyberattacks associated with IoT devices seem to be much higher than the number of reported incidents.

    SEE: IoT: Key threats and security tips for devices (PDF free) (TechRepublic)

    Organizations identifying themselves as a “superior player” (164 so named) represent approximately 33% of respondents and rate their own potential for IoT and other third-party threats. manage as "very effective." But this shows that I0T hygiene practices in most companies need significant improvement

    "While the expansion and use of embedded technology, including IoT devices, is growing at a rapid pace, security vulnerabilities and new exposures are being introduced," said Rocco Grillo, managing director, services Alvarez & Marsal's Global Cyber ​​Threat these extensions are out of control. "

    See also

    Related Posts

    Deja una respuesta

    Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *


    We use cookies to ensure that we give the best user experience on our website. If you continue to use this site we will assume that you agree. More information