News Release

June 2018

Cybercriminals homing in on the IoT
Third-party risk management

Criminals look to attack businesses embracing the Internet of Things (IoT), targeting small to mid-sized enterprises (SMEs) providing services to global organisations.

One of the predictions made in the 2018 Cybersecurity Predictions released by Stroz Friedberg, an Aon Company, is that global organisations will need to factor the way their business partners use the IoT into the increased complexities of third-party risk management. The inherent risk lies in a large company being brought down by a cyber-attack on a small vendor or contractor that targets the IoT as a way into their network.

“It is crucial for large organisations to update their approach to third-party risk management, and for small and mid-sized enterprises (SMEs) to implement better security measures, or they could stand the risk of losing business,” says Kerry Curtin, Business Unit Manager: Financial Institutions at Aon South Africa.

Enterprises continue to interconnect endpoints, objects and platforms to their networks, disintegrating traditional network perimeters, converging the digital and the physical worlds and creating new security challenges. Businesses are expected to have employed 3.1 billion connected things in 2017. Beyond devices, companies are linking more business processes to the internet to gather data, drive efficiencies and automate, monitor and control operations.

This boom in usage could generate up to $11.1 trillion a year in economic value by 2025. Yet IoT devices are notoriously unsecured, and proper patch management programs will continue to be overlooked in 2018, according to Stroz’ predictions.

“The security vulnerabilities introduced by how businesses are utilising the IoT therefore present substantial risks, and even if a company’s own IoT ecosystem is relatively secure, the impact of how third parties are deploying IoT is neglected,” explains Kerry.

In a 2017 Ponemon study, only 25% of respondents said the board of directors ask for assurances that IoT risks among third parties are being assessed, managed and monitored appropriately. This is a particular concern for large organisations working with SMEs, given their lower prioritisation of cybersecurity.

Another recent Ponemon study found that 55% of small businesses reported having been breached in a 12-month period between 2015 and 2016, yet a tiny minority said they view it as the most critical issue they face.

“As enterprises derive more efficiencies from working with SMEs in 2018, hackers will pinpoint smaller businesses that utilise IoT platforms and devices to gain entry into larger businesses. An example is criminals targeting ATM manufacturers and maintenance vendors working with large banks,” Kerry illustrates.

“Additionally, organisations face risks from smaller service providers of printers or copy machines, security camera systems and other connected endpoints through which client data can be exposed if hacked. As a result, demand for visibility into third-party security will increase and smaller vendors bidding for contracts will have to demonstrate stronger cybersecurity measures around IoT,” says Kerry.

“It is absolutely critical that large organisations broaden their third-party risk management programs and due diligence processes to account for weaknesses in vendor IoT security. Likewise, SMEs bidding to work with them will need to improve and document their cybersecurity measures,” Kerry explains.

“The risk that cyber-crime poses affects all companies, big and small, and that is why you need a qualified risk advisor by your side who is able to take your business through a comprehensive cyber risk assessment in order to mitigate your exposure to third-party risk,” concludes Kerry.
