Internet of Things (IoT) devices are set to be one of the biggest security threats facing businesses in the coming years, but in many cases, organisations will be unable to adequately address any issues because they do not know what gadgets are on their network.
This is according to a new report from the Ponemon Institute and The Santa Fe Group, which found there has been a significant increase in the number of data breaches resulting from unsecured IoT devices or applications over the last year.
In 2017, some 15 per cent of IoT-based breaches could be traced back to poorly-secured equipment or software, but for 2018, this rose to more than one in four (26 per cent).
However, the research warned this may just be the tip of the iceberg, as there could be many more such breaches that have gone undetected simply because organisations are not aware of every unsecure IoT device or application in their environment, or those from third-party vendors.
One reason for this lack of visibility may be that many firms still have no comprehensive plan for managing IoT risks. The study revealed less than half of companies have board members who approve plans to reduce third-party risk, while only a fifth of board members (21 per cent) are highly engaged in security practices and understand third-party and cybersecurity risks in general.
This means that in many cases, staffing levels and budgets are not adequate for managing an increasingly expensive IoT threat landscape. As a result, they are unable to take proactive steps to reduce their exposure to such risks.
Cathy Allen, founder and CEO of The Santa Fe Group, said the time to address these shortcomings is now. She added: "This study proves it’s no longer a matter of if, but when, and board members of organisations need to pay close attention to the issue of risk when it comes to securing a new generation of IoT devices that have found their way into your network, workplace and supply chain."
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.