In a recent survey about IoT security, researchers found that 97 percent of respondents believe unsecured IoT devices could be catastrophic for their organization, yet just 29 percent actively monitor for related third-party risks.
Those are top-line results of a textured report[1] out today that reveals growing awareness about IoT security threats but far-reaching inaction when it comes to defending against third-party related threats.
The authors of the new report, The Internet of Things (IoT): A New Era of Third-Party Risk[2], are the Ponemon Institute[3], an independent research firm focused on privacy, data protection, and information security policy, and the Shared Assessments Program[4], the industry-standard body on third-party risk assurance.
Also: What is your company doing with IoT devices? | Why your business needs to build a digital double | An IoT 'crime harvest' is coming unless security problems are fixed | TechRepublic: 97% of risk pros say IoT cyberattack would be 'catastrophic' for their business[5][6][7][8]
Researchers asked more than 600 respondents about their perception of IoT risks and third-party risk management programs, as well as the strategies being employed by their organizations to defend against IoT-related cyber attacks.
"The rapid adoption of IoT devices and applications is not slowing down and organizations need to have a clear understanding of the risks these devices pose both inside their own and outside their extended networks," said Charlie Miller, Senior Vice President with the Shared Assessments Program, whose organization chose to partner with Ponemon on the new research, following up a similar survey conducted a year ago.
Of striking concern is a lack of clear accountability when it comes to third-party IoT risk