Return to the list of client alerts
The Santa Fe Group (led by founder Catherine Allen and creator of “shared assessments”) says that IoT breaches are dramatically up since 2017.
More importantly, companies are not taking the IoT threat sufficiently seriously and have no centralized accountability to manage and address IoT threats.
The survey says that less than half of the board members approve programs to reduce third party risk and only 21 percent of the board members are highly engaged in security practices and understand third party and cybersecurity risks in general.
Worse yet, 80 percent think their data will be breached in the next two years.
IoT risks are different than traditional IT risks. The risks do not live on traditional computing platforms like Windows workstations which are regularly patched and have management software on them.
In fact, many IoT devices are never patched from the day they are taken out of the box until the day that they get disposed of.
Worse yet, many times these IoT devices are not isolated because of business needs.
While the vast majority of IoT device infections to date have been used to attack other companies, other attacks have been used to take down the infected companies and still other attacks have been used to steal data.
Part of the solution in an active vendor cyber risk management program. Understand the vendor’s security practices, their internal security and privacy training program and what data they collect, store and keep, among other things. If you don’t like the answers, move on. Pick a different vendor. Keep doing this until you get a vendor that meets your security and privacy requirements.
Vendors will not make security and privacy a priority until it starts hurting sales. You can help that hurt. Or, you can be the next victim and be in the news.
Do you have an active IoT threat mitigation program?
The study can be found here.