According to a new research document, called The Second Annual Study on the Internet of Things (IoT): A New Era of Third-Party Risk, the ever-growing IoT is potentially the highest-risk security concern for experts in the industry. Drawn up by the Ponemon Institute and the Shared Assessments Program, the report goes on to say that it isn't necessarily something that's being addressed either. The problems with the IoT primarily lie with the fact that, as useful as it can be, it is mostly comprised of devices from a wide array of third-party providers and manufacturers. In fact, that is the entire purpose of the IoT but that also appears to be generating an oversight problem. Only around 38-percent of respondents to the surveys for the report claiming that nobody within their organization bothers to review the risk management policies of those supplying IoT products or services. That's despite that the majority do consider third-party risks in other areas – and only made worse by the unclear nature of best practices being followed by providers.
Breaking down the key points from the risk assessment, it becomes immediately obvious how big the problems are. The IoT is, after all, effectively a self-interacting cloud of connected devices made and managed by various third-party entities. It includes a huge number of devices across a wide variety of categories that goes far beyond what the average person might imagine. The report suggests that the number of may grow to around 24,762 on average in the near future. That's despite that the overwhelming majority of respondents are concerned about an IoT-based attack in the next two years – which would also be "catastrophic" for the majority of those organizations. As many as half of those don't track the number of devices or apps in the organization and only around half have a plan in place to remove an IoT device if something does happen. Only nine percent are aware of every IoT device on their network and 35-percent aren't entirely convinced that a breach would even be detected.
The driving issue, meanwhile, seems to be that there is no centralized way to manage the IoT. That's according to 85-percent of respondents. So it is at least relatively clear where a solution could be found. Despite the apparent urgency of the issue, it doesn't appear that it will go away anytime soon since there don't seem to be any major efforts from the tech industry as a whole to address it.