Cybersecurity experts and researchers have identified a significant rise in breaches and attacks related to the internet of things, a report titled ‘The Third Annual Study on Third Party IoT risk: Companies Don’t Know What They Don’t Know” by Ponemon Institute, said.
The study, released by Santa Fe Group, reported 35 key findings on IoT risks arising from a lack of security in IoT devices. Ponemon Institute noted a substantial increase in the number of organizations reporting IoT-related data breaches. In 2017, only 15% of survey participants suffered an IoT-related data breach. That rose to to 26% in this year’s report, which surveyed as many as 625 risk management and governance experts.
“The actual number may be greater as most organizations are not aware of every unsecure IoT device or application in their environment or from third party vendors,” the report said. The study also found that more IoT security issues are being reported at the third-party level.
23% of respondents said that over the last year, they experienced a cyber-attack and 18% said they had a data breach caused by unsecured IoT devices among third-party vendors. Even those who have yet to identify a breach feel certain that the future of IoT will be weighed down by risk.
The reported also noted that when asked whether it is likely that their organizations will experience a cyber-attack such as a denial-of-service (DoS) attack caused by unsecured IoT devices or applications in the next 24 months, 87% of respondents said yes.
Respondents had similar perceptions about risks from the wider IoT partner ecosystems, with 81% expecting a DoS attack and 82% anticipating a data breach caused by a lack of security in the devices or applications of their third parties.
Only 9% of respondents said their companies inform employees about IoT third-party risks and 32% said they do not have a designated person in their department or organizations responsible for managing IoT risks.