Jun 30, 2017

When it Comes to IoT, Risk Managers Want to Come to the (Third-) Party

By Great Bay Software

In the cybersecurity market, we have noticed that there isn’t much discussion of the risks when third parties deploy IoT devices in the enterprise. We turned to the findings of a recent Ponemon report, “The Internet of Things: A New Era of Third-Party Risk”. Their survey of 550 risk management professionals underlines a high level of concern about how to mitigate and communicate cybersecurity risks. The report [1] provides a unique view of the challenges in getting IoT deployments under control.

 

"What's shocking about these findings is the complete disconnect between understanding the severity of what a third-party security breach could mean for businesses, and the lack of preparedness and communication between departments." Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.

 

This is a great point by Dr. Ponemon. It’s another example of the need for cross-functional collaboration in protecting organizations from cyberattacks – especially in the IoT era, which we previously discussed in a blog on IT vs. OT in IoT. Here are our summary and takeaways from the report:

 

Understandable Concerns

 

Risk managers in industries such as healthcare, financial services, manufacturing and others are highly concerned about the unsecured IoT devices and applications deployed within their organizations. They have good reason to be.

  • 76% of the survey respondents indicate their organizations are likely to experience a cyberattack in the next 24 months caused by unsecured IoT devices or applications.
  • A whopping 94% noted that such a security incident could be catastrophic.
  • Only 44% say their organization has the ability to protect their network or enterprise systems from IoT device hacking.
  • Yet 67% of those surveyed are not evaluating IoT security and privacy practices before engaging in a third-party business relationship.


Clearly, study participants are more than aware of IoT vulnerabilities – especially when devices are deployed and/or managed by third parties. Unfortunately, they are pessimistic about their ability to minimize IoT risks and avoid an attack. A lack of priority, resources and organizational oversight contributes to this pessimism.


It is widely accepted that the growth in IoT is being driven by the potential to increase efficiencies and improve business outcomes. However, IoT innovations and deployments are outpacing the ability of security and risk teams to protect their organizations. Survey respondents understand this.

  1. They expect IoT devices within their organization to double in number over the next two years.
  2. They need new security strategies and tactics that address risks across the entire enterprise IoT ecosystem.
  3. The number of vendors they use makes it difficult to manage the complexities of IoT platforms.


Third-Party Governance Programs Are Ignoring the IoT Risk

Only 1/3 of organizations represented in this study are reviewing third-party risk management policies and programs to ensure they address the ever-changing landscape. The majority indicated that it is not even possible to determine whether third-party safeguards and IoT security policies are sufficient to prevent a data breach. Most organizations do not have the programs and policies in place to mitigate third-party IoT risks.


Given all the risks and concerns, why is this happening? Survey respondents cite low priority, insufficient resources, and a lack of oversight and management accountability.


Yet it’s not just a third-party oversight issue. Most enterprises still need to increase their investment in protecting their business from these costly attacks – especially when it comes to IoT.


Great Bay Software is attuned to these issues and challenges. We work across organizations to provide device security solutions that can effectively be deployed system-wide. Protection for corporate-managed, third-party and other IoT deployments is made possible via a single solution regardless of organization, application or location. If you can’t see it, you can’t control it. If you’re interested in learning more about how Great Bay Software can help secure your enterprise network, please click here.


1: View the full report through Shared Assessments here.
