Most companies are aware of third party IoT security measures15. June 2020
Most companies are aware of third party IoT security measures
New York, 15.6.2020
According to the latest IoT study by the Ponemon Institute and Shared Assessments, only 37% of “high performers” monitor the risk of IoT devices used by third parties. In addition, current IoT risk management programs do not keep pace with the capabilities of the attackers.
Background: IoT devices usually have specific operating systems. The consequence: the installation of security agents is problematic. As a result, the use of IoT in a corporate environment increases the attack surface and poses a permanent security risk. With the explosive growth of the Internet of Things, IoT endpoints will soon outnumber traditional enterprise managed devices.
It is obvious that there is an acute need to improve IoT risk management as an organization’s current programs chase the growing risks. Only 37% track third-party IoT exposure and 61% forecast IoT-related data loss.
The report emphasizes the urgent need to increase accountability, authority and commitment within the organization and especially those who run the TPRM department.
A large number of organizations agreed that it is not possible to determine whether third-party protection and IoT security policies are sufficient to prevent data breaches. Even the most powerful organizations need to strengthen their IoT risk management capabilities.
With the ever-increasing number of IoT devices, an organization’s sensitive data is more likely to be accessed by malicious attackers. Many IoT devices would even facilitate distributed denial of service (DdoS) attacks.
The number of actual breaches and cyberattacks associated with IoT devices is likely to be much higher than the number of events reported.
“As the proliferation and consumption of embedded technology, including IoT devices, continues at a rapid pace, new vulnerabilities and risks are being introduced,” said Rocco Grillo, Managing Director, Global Cyber Risk Services at Alvarez & Marsal. “This is especially true when the use of IoT devices is extended to third or fourth parties, or even more worrying when it is unknown where the use of IoT devices will be extended, or when these extensions are not managed”.