IT execs understand IoT risks, still no clear mitigation strategy deployed

With the number of IoT devices adopted in business environments expected to grow from 9,000 to approximately 24,762, you’d expect IT executive to pay more attention to what is going on in their ecosystem and start heavily investing in the research and development of a strong security strategy.

As many as 60 percent of executives are afraid of a ransomware attack on their organization due to IoT vulnerabilities, while 81 percent believe an attack is imminent within the next 24 months, found a report from Ponemon Research and Shared Assessments based on feedback collected from over 600 respondents. But even though IT professionals are aware of the threats posed by cyberattacks launched through vulnerable IoT devices, not that many have focused on a plan to improve security posture and reduce IoT threats.

“The rapid adoption of IoT devices and applications is not slowing down and organizations need to have a clear understanding of the risks these devices pose both inside their own and outside their extended networks,” said Charlie Miller, Senior Vice President, Shared Assessments Program.

IoT devices expose organizations to a high number of third-party risks that affect internal, confidential information. Failure to properly secure their IoT infrastructure could ultimately lead to financial bankruptcy, theft of confidential data or reputational damage.

When it comes to IoT security, it is for some reason left out of most budgeting talks which is a major surprise, since the report confirms there is a growing awareness in this sector but not much is done, especially about third-party threats.

For example, some 97 percent of respondents say poorly secured smart devices could have disastrous effects on their businesses, but only 29 percent actually keep a close eye on their networks. Not enough IT executives assume responsibility for IoT risk management. In fact, over 50 percent say they have no clear overview of the number of IoT devices and applications in their infrastructure.

Businesses have some perception of IoT risks, but they still lack proper mitigation strategies to fend off attacks in a time of crisis.