The ever-increasing number of IoT devices within organizations presents a significant threat, as hackers discover new ways to gain entry into the network.
FREMONT, CA: The Internet of Things (IoT) is one of the most influential technologies of the current times. The IoT market is set to increase to 20.4 billion devices by 2020, with over 8.4 billion IoT devices already in use. According to a report by the Ponemon Institute and Shared Assessments, every workplace has around 16,000 IoT devices connected to its network. With the prevalence of IoT adoption, the number is expected to grow too, which presents a significant threat from hackers who are discovering new ways to gain entry into the network. In fact, any device that has an internet connection faces a risk of being compromised and can give hackers a back door to access enterprises or steal sensitive data.
Most IoT devices run on firmware that is too complex to patch and update, while some ship with default passwords that are easy to crack. There have already been numerous distributed denial-of-service (DDoS) attacks via IoT devices, such as IoT ransomware, the Mirai botnet, BrickerBot, and more. Enterprises are finally realizing the growing threats that IoT devices bring to the workplace. According to research, many enterprises are unprepared for the IoT risk management battle. While there has been some focus on third-party risk concerning IoT devices and applications, risk management is still an uphill task in this area. According to the report, there are three major disconnects that come along with third-party risk management practices:
Increased Awareness of IoT risks vs. Proactive Measures
With the growing dependency on IoT devices, organizations recognize IoT-related risks and their potential to affect business processes. Around 81 percent of respondents reported that an IoT-related data breach is likely to occur in the next two years, while 60 percent are worried that the IoT ecosystem is vulnerable to an attack. Despite this awareness of IoT-related risks, only 28 percent reported having included IoT-related risk as part of their third-party due diligence.
Uneven IoT Risk Management Practices
With the average number of IoT devices expected to grow from 15,875 to 24,762 in the next two years, it comes as no surprise that just 45 percent of the respondents believe it's feasible to maintain an inventory of such devices. Around 88 percent of the respondents consider lack of centralized control a primary reason for the difficulty of maintaining a full inventory.
Substantial Gap between Internal and Third-Party IoT Monitoring
Around half of all organizations report that they are actively monitoring for IoT device risks at their workplace, while only 29 percent are actively monitoring for third-party IoT risks. While a quarter of respondents admitted that they were unsure whether their organizations had been affected by an attack due to an IoT device, 35 percent said that they were uncertain if it was possible to identify a third-party data breach. Only 9 percent of respondents said that they were aware of all of their physical devices connected to the internet. The major insight gained from the study is that more attention is being paid to internal workplace IoT device risks than to threats posed by third parties.