Almost every organisation polled by the Ponemon Institute and Shared Assessments says it fears a ‘catastrophic’ security event related to an unsecured IoT device – yet only a third actively monitor for IoT-related third-party risks.
The study, which surveyed 605 individuals in corporate governance, found the average number of IoT devices in the workplace is set to increase by 55% over the coming year. 81% of those polled said a data breach caused by unsecured IoT devices was ‘likely’ to occur in the next 24 months.
The challenge is greater than may be let on, the report adds. Fewer than half (45%) of respondents believe they can keep a full inventory of IoT devices in the organisation – and of that number, only 19% actually have an inventory of at least half of their devices. 15% of survey respondents have an inventory of the majority of their applications.
46% of those polled say they have a policy to disable a risky IoT device within their own organisation, while 60% opt for a third-party risk management program.
“The rapid adoption of IoT devices and applications is not slowing down and organisations need to have a clear understanding of the risks these devices pose both inside their own and outside their extended networks,” said Charlie Miller, SVP at the Shared Assessments Program. “While there’s an increasing awareness about third-party IoT risks, much more work needs to be done to ensure controls minimise the risks these devices pose.
“With the increasing number of major data breaches, ransomware, and distributed denial of service attacks in the news daily, and senior executives losing their jobs as a result, it’s critical that organisations assign accountability and ownership of IoT-related oversight across their organisation, ensure that IoT security is taken seriously, and educate management at all levels,” added Miller.