Forum

You need to log in to create posts and topics.

Major Uptick in IoT-Related Breaches and Attacks

Researchers have identified a significant uptick in breaches and
attacks related to the internet of things (IoT), according to a new Ponemon Institute report, The Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know.

Released today by the Santa Fe Group,
the study yielded 35 key findings on IoT risks stemming from a lack of
security in IoT devices. Ponemon Institute identified a sizable increase
in the number of organizations reporting an IoT-related data breach. In
2017, only 15% of survey participants had suffered an IoT-related data
breach. That number jumped to 26% in this year’s report, which surveyed
625 risk management and governance experts.

“The actual number may be greater as most organizations are not
aware of every unsecure IoT device or application in their environment
or from third party vendors,” the report said. In fact, the study found
that more IoT security issues are being reported at the third-party
level.

Over the last year, 23% of respondents said they experienced a
cyber-attack and 18% said they had a data breach caused by unsecured IoT
devices among third-party vendors. Even those who have yet to identify a
breach feel certain that the future of IoT will be weighed down by
risk.

When asked whether it is likely that their organizations will
experience a cyber-attack such as a denial-of-service (DoS) attack
caused by unsecured IoT devices or applications in the next 24 months,
87% of respondents said yes, according to the report.

Respondents tended to have similar perceptions about risks from the
wider IoT partner ecosystems, with 81% expecting a DoS attack and 82%
anticipating a data breach caused by a lack of security in the devices
or applications of their third parties.

Despite these perceptions, the study found that only 9% of respondents said their companies have education policies to inform employees about IoT third-party risks and nearly a third (32%) do not have a designated person in their department or organizations who is responsible for managing IoT risks.

Copyright: https://www.infosecurity-magazine.com

Greetings Sruh