Efforts to mitigate third-party risks in the internet of things ecosystem are lagging, despite recognition that the IoT introduces new security risks and vulnerabilities, according to a new study. Companies rely on technologies and practices that have not evolved to address emergent IoT threat factors, according to “The Internet of Things: a New Era of Third-Party Risk,” conducted by the Ponemon Institute and sponsored by Shared Assessments. “Risks include the ability of criminals to harness IoT devices such as botnets to attack infrastructure and launch points for malware propagation, spam, DDoS attacks and on anonymizing malicious activities,” the report stated. Ninety-four percent of the individuals surveyed said it is very likely, somewhat likely or likely that a security incident related to unsecured IoT devices or applications could be catastrophic. Seventy-eight percent have the same certainty of loss or theft of data caused by insecure IoT devices or applications, and 76 percent have the same certainty of a cyber-attack caused by these devices. Respondents included 553 individuals who have a role in the risk management process and are familiar with the IoT devices in their organization. Following are more highlights.