With the increasing use of IoT devices, organizations need to focus more on their risk management plans.
Many enterprises today are uncertain about what safeguards and tracking systems their third-party companies have in place. Thus, there is an absolute need for enhanced IoT risk management, according to a recent report. The Shared Assessments Program, in collaboration with The Ponemon Institute, has recently published a study titled “A New Roadmap for Third Party IoT Risk Management – The Critical Need to Elevate Awareness, Authority, and Engagement”. The study analyzed the state of growing IoT risks across organizations globally and how to combat them.
The consumerization and proliferation of embedded technology and IoT devices are evolving at a quick pace, bringing new security vulnerabilities and damaging exposures. This happens when IoT device usage is extended to third parties, and it is more concerning when it is shared with outsiders. Ongoing IoT risk management programs are not fully aligned with the drastic surge in IoT-related risks. According to the researchers, some shortcomings indicate a crystallized and increasing threat to most organizations globally.
According to Charlie Miller, Snr. Advisor of The Santa Fe Group at Shared Assessments Program – “The study underscores a major disconnect between the authority and involvement that survey respondents say is needed from their Boards of Directors, and the actual governance exhibited today. It’s increasingly imperative that organizations get ahead of the problem and address IoT risks before a major disruptive event, not after one.”
Some principal findings from the study are –
a] The current crisis is triggered by the steep expansion of IoT devices, the lack of a centralized IoT risk management agenda, and the absence of involvement from the senior-most authority.
b] Roughly one-quarter of the surveyed respondents reported that higher-performing organizations are more likely to implement advanced risk management practices and apply them to IoT usage.
Clearly, swift, step-function improvements are required across most IoT risk management programs as well as third-party risk management. Areas for execution include governance, resource allocation, risk and asset management practices, and more.
In essence, the gap between understanding and practicing the right IoT security should be addressed as early as possible. Many companies are willing to improve their IoT risk management, even if they need to alter other aspects of their risk management solutions.