When it Comes to IoT, Risk Managers Want to Come to the (Third-) Party
In the cybersecurity market, we have noticed that there isn’t much discussion of the risks that arise when third parties deploy IoT devices in the enterprise. We turned to the findings of a recent Ponemon report, “The Internet of Things: A New Era of Third-Party Risk”. Their survey of 550 risk management professionals underlines a high level of concern about how to mitigate and communicate cybersecurity risks. The report¹ provides a unique view of the challenges in getting IoT deployments under control.
"What's shocking about these findings is the complete disconnect between understanding the severity of what a third-party security breach could mean for businesses, and the lack of preparedness and communication between departments." Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.
This is a great point by Dr. Ponemon. It’s another example of the need for cross-functional collaboration in protecting organizations from cyberattacks – especially in the IoT era, which we previously discussed in a blog on IT vs. OT in IoT. Here’s our summary and take-away from the report:
Risk managers in industries such as healthcare, financial services, manufacturing and others are highly concerned about the unsecured IoT devices and applications deployed within their organizations. They have good reason to be.
- 76% of the survey respondents indicate their organizations are likely to experience a cyberattack in the next 24 months - caused by unsecured IoT devices or applications.
- A whopping 94% noted that such a security incident could be catastrophic.
- Only 44% say their organization has the ability to protect their network or enterprise systems from IoT device hacking.
- Yet 67% of those surveyed are not evaluating IoT security and privacy practices before engaging in a third-party business relationship.
Clearly, study participants are more than aware of IoT vulnerabilities – especially when devices are deployed and/or managed by third parties. Unfortunately, they are pessimistic about their ability to minimize IoT risks and avoid an attack. A lack of priority, resources and organizational oversight contributes to this pessimism.
It is widely accepted that the growth in IoT is being driven by the potential to increase efficiencies and improve business outcomes. However, IoT innovations and deployments are outpacing the ability of security and risk teams to protect their organization. Survey respondents understand this.
- They expect IoT devices within their organization to double in number over the next two years.
- They need new security strategies and tactics that address risks across the entire enterprise IoT ecosystem.
- The number of vendors they use makes it difficult to manage the complexities of IoT platforms.
Third-party Governance Programs are Ignoring the IoT Risk.
Only 1/3 of organizations represented in this study are reviewing third-party risk management policies and programs to ensure they address the ever-changing landscape. The majority indicated that it is not even possible to determine whether third-party safeguards and IoT security policies are sufficient to prevent a data breach. Most organizations do not have the programs and policies in place to mitigate third-party IoT risks.
Given all the risks and concerns, why is this happening? Survey respondents cite a low priority, insufficient resources, lack of oversight and management accountability.
Yet it’s not just a third-party oversight issue. Most enterprises still need to increase their investment in protecting their business from these costly attacks – especially when it comes to IoT.
Great Bay Software is attuned to these issues and challenges. We work across organizations to provide device security solutions that can effectively be deployed system-wide. Protection for corporate-managed, third-party and other IoT deployments is made possible via a single solution regardless of organization, application or location. If you can’t see it, you can’t control it.
1: View the full report through Shared Assessments here.