Managing Third-Party Risks and Internet of Things

 
 
By Karen A. Frenkel  |  Posted 07-27-2017

    Managing Third-Party Risks and Internet of Things

    When it comes to dealing with third-party risks and the internet of things, many companies are relying on outmoded technologies and practices.

    Major Barriers to Addressing IoT Risks

    A lack of priority. Insufficient resources. Boards aren't fulfilling oversight responsibilities. The need to make management accountable.

    Managing Third-Party IoT Risks

    Only 30% of respondents said managing third-party IoT risks is a priority. Because it is not a priority—and leadership is not engaged—needed resources are not allocated.

    IoT Devices Expected to Double

    The number of IoT devices is expected to double in the next two years, from an average of 9,259 to 18,631 per organization. This is driven by the potential to increase efficiencies and improve business outcomes by collecting better data.

    Pace of Innovation and Standards

    72% of respondents said the pace of innovation in IoT and varying standards for security among third parties make it hard to safeguard the security of these devices and applications.

    The Need for New Approaches

    The drive for innovation requires new approaches to IT strategies and tactics, respondents said, and 61% said cloud adoption is driven in part by the need to innovate in the IoT ecosystem.

    Too Many Cooks

    42% of respondents said the large number of vendors they use makes it difficult to manage the complexity of IoT platforms.

    Third-Party Risk Programs Need Work

    56% of respondents have a third-party risk management program. Of these, only 24% rate theirs as highly effective.

    Neglecting the CEO and Board

    69% of respondents don't inform their CEO and board about the effectiveness of their third-party risk management program.

    Causes for Lack of Communication

    Provide information only if a breach involves third-party management: 56%. It's not a priority for the CEO and board: 51%. Decisions about third-party risk management aren't relevant to the CEO and board: 47%.

    Problems With Third-Party IoT Governance

    56% of respondents said it is not possible to determine whether third-party safeguards and IoT security policies are sufficient to prevent data breaches.

    Why Governance Programs Are Inadequate, Part I

    Programs don't include the secure use of IoT devices in training and awareness programs: 81%. Programs don't evaluate IoT security risks during onboarding: 80%. Programs don't consider IoT-related risks in the third-party due diligence process: 77%.

    Why Governance Programs Are Inadequate, Part II

    Programs don't require third parties to have insurance for IoT security risks: 70%. Programs don't evaluate IoT security and privacy practices for engaging in a business relationship: 67%. Programs don't require third parties to identify IoT devices that connect to their network: 59%.

    Problems Tracking IoT-Connected Objects

    72% are aware of only some objects connected to the internet. 55% consider IoT devices to be endpoints. Only 44% monitor the risk of IoT devices used in the workplace.
 

Efforts to mitigate third-party risks in the internet of things ecosystem are lagging, despite recognition that the IoT introduces new security risks and vulnerabilities, according to a new study. Companies rely on technologies and practices that have not evolved to address emergent IoT threat factors, according to "The Internet of Things: a New Era of Third-Party Risk," conducted by the Ponemon Institute and sponsored by Shared Assessments.

"Risks include the ability of criminals to harness IoT devices such as botnets to attack infrastructure and launch points for malware propagation, spam, DDoS attacks and on anonymizing malicious activities," the report stated.

Ninety-four percent of the individuals surveyed said it is very likely, somewhat likely or likely that a security incident related to unsecured IoT devices or applications could be catastrophic. Seventy-eight percent have the same certainty of loss or theft of data caused by insecure IoT devices or applications, and 76 percent have the same certainty of a cyber-attack caused by these devices. Respondents included 553 individuals who have a role in the risk management process and are familiar with the IoT devices in their organization. Following are more highlights.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
