Ready or Not – IoT Third Party risks have arrived
Research conducted by The Ponemon Institute, and shared in a study from Shared Assessments, has found that efforts to mitigate IoT Third Party risks need to significantly improve.
The research highlights the fact that companies are relying on legacy technologies and governance practices to address potential threat vectors, with 94 percent indicating they still use a traditional network firewall to mitigate threats.
IoT Third Party risks include the ability of criminals to harness IoT devices as botnets to attack infrastructure, and as launch points for malware propagation, spam, DDoS attacks and anonymising malicious activities.
“More and more enterprises are turning to IoT to improve business outcomes and this growth is creating a breeding ground for cyber attacks,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “What’s shocking about these findings is the complete disconnect between understanding the severity of what a third party security breach could mean for businesses, and the lack of preparedness and communication between departments.”
Key Findings of the research suggest:
IoT Third Party Risk Programs are not in place:
Only 44% of organisations monitor IoT risk
Only 56% have a Third Party Risk program (24% rate program highly effective)
Organisational behaviour does not support Third Party IoT risk:
69% of Risk Managers do NOT regularly report program effectiveness to the CEO or board
70% of Risk Managers do NOT consider managing third party IoT risk a top priority
75% said their Boards do NOT require assurances that IoT risk among third parties is assessed
Take action now
The effective assessment and mitigation of Third Party risk is critical to ensuring the security posture of any organisation, and the threats posed by the proliferation of IoT devices within the internal and extended IT landscape are no exception.
We encourage all our clients to complement any new or existing Third Party Risk Management process with the additional scope of IoT Third Party risk to add a significant level of maturity to their TPRM program.
*Data from survey conducted independently by Ponemon Institute LLC – “The Internet of Things (IoT): A New Era of Third Party Risk” May 2017