IoT Security Still Not a Priority, Survey Reveals
New research from the Shared Assessments and Ponemon Institute reveals that only around a third of companies have a centralized program for managing IoT security risks.
Slowly but surely, IoT devices are becoming one of the most significant security issues for companies, mainly because it’s difficult to keep a complete inventory of existing hardware. In fact, half of all respondents say it’s impossible to maintain an inventory of IoT devices in the workplace.
The research also identifies a specific type of respondent called a ‘higher performer.’ These are people who rate their ability to manage IoT risks and other Third Party risks as highly effective. That’s why 41% of the high performer respondents say they are aware of all or most of the network of IoT devices that are connected to the internet. This means that, at best, more than half of respondents can’t account for all IoT devices in their organizations.
Furthermore, only 30% of respondents have a centralized program to manage IoT security risks. Making things worse, only 42% of companies can find IoT devices with inadequate security. This, coupled with a lack of plans for dealing with security issues, is a recipe for disaster.
“Just 36% of organizations indicate their incident response plans contain steps to respond to data security incidents caused by unsecured IoT,” reads the study. “What’s more, many organizations struggle to determine if an IoT device was responsible for a breach.”
Multiple other factors are at play. For example, only 36% of respondents say their organizations track any data the devices can/do transmit outside the network, and most respondents say that companies have a difficult time tracking the ever-increasing number of IoT devices. Only 4 in 10 respondents say they have a big enough budget to deal with security.
The study was based on a sample of 630 respondents (164 high performers). It covers data up to November 2019, which means that the situation created by the COVID-19 pandemic is not taken into account.business devices internet Internet of Things IoT security