Employees are bringing their own Internet of Things connected devices to the workplace and could be putting organisations at risk from cyber attacks because enterprise security teams aren’t always aware that these devices are connected to the network.
People are increasingly turning to IoT products like fitness trackers, smart watches, medical devices and more in their everyday lives and in many cases, they’re connecting them to enterprise networks, but often they’re doing this without disclosing it to their IT department.
According to figures from cybersecurity company Infoblox, almost half of organisations (46 percent) have discovered ‘shadow’ IoT devices on their network during the last year. Only a quarter of organisations found no shadow IoT devices on their network at all.
Employees connecting these products to the network is increasingly the norm, yet while it brings convenience for users, the increased use of connected devices – especially those which weren’t known to the organisation – brings increased risk from cyber attacks and hacking.
Security standards for IoT devices aren’t as stringent as they are for other products such as smartphones or laptops, so in many cases IoT manufacturers have been known to ship highly insecure devices – and sometimes these products never receive any sort of patch, either because the user isn’t aware of how to apply it or because the company never issues one.
A large number of connected devices are also easily discoverable with the aid of IoT search engine Shodan.
Not only does this leave IoT products potentially vulnerable to being compromised and roped into a botnet, but insecure IoT devices connected to corporate networks could also enable attackers to use something as trivial as a fitness tracker or a smart watch as an entry point into the network, and use it as a means of further compromise.
“Personal IoT devices are easily discoverable by cybercriminals, presenting a weak entry point into the network and posing a serious security risk to the organisation. Without a full view of the security policies of the devices connected to their network, IT teams are fighting a losing battle to keep the ever-expanding network perimeter safe,” said Malcolm Murphy, Technical Director for EMEA at Infoblox.
To protect against the threat posed by shadow IoT, the report recommends that organisations ensure they’re fully aware of what devices are connected to the network and that any suspicious or unknown web traffic is quickly identified. Any IoT devices on the network should also avoid using default passwords.