In a recent survey about IoT security, researchers found that 97 percent of respondents believe unsecured IoT devices could be catastrophic for their organization, yet just 29 percent actively monitor for related third-party risks.
Those are top-line results of a textured report[1] out today that reveals growing awareness about IoT security threats but far-reaching inaction when it comes to defending against third-party related threats.
The authors of the new report, The Internet of Things (IoT): A New Era of Third-Party Risk[2], are the Ponemon Institute[3], an independent research firm focused on privacy, data protection, and information security policy, and the Shared Assessments Program[4], the industry-standard body on third-party risk assurance.
Researchers asked more than 600 respondents about their perception of IoT risks and third-party risk management programs, as well as the strategies being employed by their organizations to defend against IoT-related cyber attacks.
"The rapid adoption of IoT devices and applications is not slowing down and organizations need to have a clear understanding of the risks these devices pose both inside their own and outside their extended networks," said Charlie Miller, Senior Vice President with the Shared Assessments Program, whose organization chose to partner with Ponemon on the new research, following up a similar survey conducted a year ago.
Of striking concern is a lack of clear accountability when it comes to third-party IoT risk management.
A full 38 percent of respondents indicated that nobody in their organization is responsible for reviewing the risk-management policies of third-party vendors, suggesting a troubling leap of faith.
The problem is compounded by the fact that, as many respondents indicated, C-level managers often don't understand cyber-risks related to third-party vendors.
The full report