Companies Beware: IoT Devices Are a Doorway to Cyberattacks
July 22, 2019
Robert J. Bowman, SupplyChainBrain

The internet of things offers businesses an unprecedented level of visibility and control over their supply chains. But it also opens the door to potentially crippling cyberattacks.

A new study from the Ponemon Institute reveals a sharp increase in data breaches caused by unsecured, third-party IoT devices. And it suggests that top security experts aren’t doing enough to stop them.

The institute’s third annual study on third-party IoT Risk is subtitled “Companies Don’t Know What They Don’t Know.” Indeed, ignorance about the dangers of cyberattacks appears to have heightened the vulnerability of many businesses. IoT-related breaches are up by at least 26 percent since 2017, the study finds. (The number might be even higher, the authors note, because most companies aren’t aware of every unsecure device or application on their premises that originated from third-party vendors.)

At a time when data breaches are becoming endemic, cybersecurity doesn’t appear to be an especially high priority for a lot of companies — at least when it comes to investing resources in that area. Oversight by top management is especially lacking. According to the study, fewer than half of companies’ board members have approved programs intended to reduce third-party risk of cyberattacks. Just 21 percent fully understand the nature of that risk, and are “highly engaged” in security measures needed to address it.

When it comes to anticipating cyber risk, the prevalent attitude seems to be one of fatalism. The study found that 87 percent of respondents believe their own organizations will experience a cyberattack caused by unsecured IoT devices or applications within the next 24 months. And 84 percent expect to experience a data breach within that same time frame.

The latest version of the study draws on 600 qualified respondents and approximately 450 unique companies, according to Larry Ponemon, co-founder of the Ponemon Institute. In what he calls an “eclectic but interesting sampling,” participants included experts in I.T., data protection, third-party technology and regulation.

“Third party” means the full range of vendors, contractors, channel partners and internal affiliates from outside a company’s own I.T. environment, notes Charlie Miller, senior adviser of the Shared Assessments Program, a unit of The Santa Fe Group that specializes in assessing third-party risk.

Outside IoT devices typically take the form of sensors, smart devices, printers, cameras, Nest thermostats, voice-activated personal digital assistants — in short, anything containing electronics that’s able to connect to a company’s network.

Despite this panoply of unsecure technology, much of which is introduced into the network by way of employees’ personal devices, management doesn’t view it as a huge risk, says Ponemon. Miller adds that the problem is made worse by a huge increase in the number of IoT devices that have hit the market in recent years.

Each of those devices has a unique IP address and represents a potential point of vulnerability through which hackers or cyber thieves can access proprietary data. Before allowing any of them to be introduced into the network, companies need to understand precisely what the devices are intended to do, what kinds of data they are meant to collect, and how that information will be transmitted.

“All of those things are fundamental concepts that have not yet crystallized in this huge IoT space,” Miller says.

In the face of this onslaught of attacks, why aren’t companies being more proactive about preventing them? Ponemon suggests the problem lies in a lack of accountability within organizations. Moreover, IoT devices are seductively convenient to use, with owners giving little thought to how they might be jeopardizing corporate security.

Miller sees some signs of enlightenment among security teams and organizations. Certain industries such as medical device manufacturers are more focused on the issue than others, largely because they are subject to heavy regulation. (The Food and Drug Administration, for example, has “stringent rules about devices to be implanted in people,” Miller says.) New legislation such as the California Consumer Privacy Act is clamping down on merchandisers’ use of consumer data for marketing purposes. In addition, lawmakers are targeting manufacturers with measures that would require higher levels of built-in security for IoT-based devices. (Forbidding, for example, the use of easy-to-crack default passwords, which many users neglect to change.)

Other efforts to tighten up on cybersecurity are being spearheaded by organizations such as the National Institute of Standards and Technology, whose standards are accepted globally, and the Monetary Authority of Singapore, that country’s central bank. Four of the latter’s five recommendations for boosting security are included in the Ponemon study.

“You need to understand what are the devices that you have within your own organization, and are allowing to be used by your third parties,” Miller says. “And you need to make sure that the way in which the devices are attached is segmented from your production department. So if there is a breach, there’s isolation to a non-production segment of your network.”

Education is paramount, says Ponemon, stressing that awareness of cyber risk must run from each individual employee up to the executive suite, as well as to external supply-chain partners and customers.

Miller says companies should undertake use cases before committing to the use of any IoT devices, to determine the potential for misuse. For example, monitoring systems found in modern automobiles could allow hackers to take control of the vehicle remotely. “The transportation industry is looking at this very seriously,” he says.

In the end, it comes down to vigilance on the part of the user. “Cyber hygiene is the responsibility of the individual,” says Ponemon. “That is critical. It isn’t just about IoT — it’s about everything.”
