Only 9% of companies warn employees about IoT risks
Data breaches caused by unsecured Internet of Things devices increased to 26% this year, according to a Ponemon Institute report.
Unsecured Internet of Things (IoT) devices are causing major problems for organizations nationwide, according to a recent report from the Ponemon Institute and the Santa Fe Group.
IoT-related data breaches specifically caused by an unsecured IoT device or application increased from 15% in 2017 to 26% in the last year, the report found. The actual number may be larger, the report noted, as most organizations said they are not aware of every unsecured IoT device or application in their environment or introduced by third-party vendors.
Despite these risks, only 9% of companies said their organizations currently inform and educate employees and third parties about the dangers created by IoT devices.
The majority of organizations surveyed lack centralized accountability to address and manage IoT risks, according to the report. Only 21% of board members report that they are highly engaged in security practices and understand third-party and cybersecurity risks in general. About one-third (32%) of the organizations surveyed said no single person or department is responsible for managing or implementing corrective actions to manage IoT risks, the report found.
Perhaps because of this, more than 80% of organizations said they believe their data will be breached within the next two years, the report found.
“This study proves it’s no longer a matter of if but when and board members of organizations need to pay close attention to the issue of risk when it comes to securing a new generation of IoT devices that have found their way into your network, workplace and supply chain,” Cathy Allen, founder and CEO of the Santa Fe Group, said in a press release. “The study shows that there’s a gap between proactive and reactive risk management. The time to address this issue is now and not later.”
How to secure IoT devices: 6 factors to consider
While Internet of Things devices can unlock great insights and value from the data collected, cyber-security must be built in from the start, according to a report from the Indiana IoT Lab.
The Internet of Things (IoT) continues to expand: By the end of 2019, more than 14 billion connected devices will be in use, with that number reaching 25 billion by 2021, according to Gartner. While connected devices have the potential to help enterprises unlock great insights and value from the troves of data they collect, they also massively expand the cyber-security attack landscape, according to the Indiana IoT Lab’s State of IoT report, released Wednesday.
Research shows the vast majority of commonly used IoT devices contain vulnerabilities, including password security, encryption, and authentication issues, John Roach, director of the data analytics practice at KSM Consulting, wrote in the report.
“The key to making IoT a success is balancing innovation with security,” Roach wrote. “All technology involves the acceptance of rational risk, and IoT is no different. The value of IoT, which is increasing and strategic, must be balanced against its risk. An overemphasis on security can limit the potential of IoT and insight that can be derived. A careless or rushed implementation can put organizations and individuals at risk.”
Developing an IoT-ready cybersecurity system involves considering the organization’s broader network, including clients, customers, suppliers, vendors, collaborators, business partners, and former employees, Roach wrote, as failing to protect every part of the business ecosystem can put everyone at risk.
Employees responsible for IoT cyber-security should consider the following factors, according to Roach:
- Designing and implementing a threat intelligence strategy to support business decisions
- Fully understanding vital assets and the value of their protection
- Using data analytics to anticipate where and when threats are most likely to occur
- Implementing system architecture approaches that prevent unauthorized access in one area of the technology from proliferating through the entire system
- Ensuring all those within the organization understand the need for strong governance, user controls, and personal accountability
- Developing a well-functioning Security Operations Center to help detect threats, produce relevant reporting, and enable better decision-making, risk management, and business continuity
“The most important premise to remember is this: When everything is connected, everything is at risk,” Roach wrote. “Those who successfully innovate with IoT will take all necessary precautions to ensure security and privacy implications are addressed and safeguarded—for their benefit and for the common good.”