Almost every industry official surveyed said they believe a security incident related to internet-connected devices could be catastrophic, a new survey finds.
A majority of respondents (78 percent) said a data breach involving an unsecured IoT device is likely to occur within the next two years; most respondents (76 percent) also said a DDoS attack leveraging IoT devices is likely to occur in that same time frame.
“Ninety-four percent of respondents say it is likely that either incident would be catastrophic,” according to The Internet of Things (IoT): A New Era of Third-Party Risk by the Ponemon Institute and sponsored by Shared Assessments.
The report surveyed 553 individuals who have a role in their organizations’ risk management process and are familiar with the use of IoT devices. It found that “companies are relying on technologies and governance practices that have not evolved to address emergent IoT threat vectors.”
“Such potential risks include the ability of criminals to harness IoT devices, such as botnets, to attack infrastructure and launch points for malware propagation, SPAM, DDoS attacks, and anonymizing malicious activities.”
The finding points to a concerning trend in corporate security: efforts to mitigate third-party risks to the IoT ecosystem are lagging, as only 30 percent of respondents said managing third-party IoT risks is a priority for their organization.
“More and more enterprises are turning to IoT to improve business outcomes and this growth is creating a breeding ground for cyberattacks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a press release. “What’s shocking about these findings is the complete disconnect between understanding the severity of what a third-party security breach could mean for businesses, and the lack of preparedness and communication between departments.”
For more on IoT devices and botnets, read “Rise of the IoT Botnets” from the February issue of Security Management.