When people think about the internet of things, they often think about the common “things” they use in their day-to-day lives such as laptops, smartphones and fitness trackers. These things can also include devices that are part of the connected home — for example, a smart thermostat, baby monitor or even a connected egg tray (OK, maybe that last one is less common). However, what most don’t realize is the prevalence of IoT in the enterprise — and, in tandem, the risks it presents.
The internet of things brings enterprise organizations strategic economic value and innovation. Yet as we’ve recently seen with the Mirai IoT botnet that “took down” many businesses, enterprise IoT is becoming a popular doorway for hacking. For example, a cybercriminal could manipulate a smart camera by hijacking the device’s credentials to obtain full privilege into the device. From there, they can use the device as a proxy to connect to the network and cause greater harm.
More things, more enterprise risk
Daily, new smart devices are unknowingly being connected to corporate networks with little regard to their level of risk. Although these IoT devices are intended to improve productivity, security considerations are usually an afterthought.
According to industry analysts, by 2020, there will be over 20 billion devices connected to enterprise networks. Each device has the potential to serve as an enterprise entry point. That’s 20 billion open doors for a hacker to perform any number of nefarious acts. Given these devices are ubiquitous, the inability to run sophisticated security software and, of course, network access through the connected devices makes them a perfect target for hackers who want an easy entry point into a company’s systems.
What’s more, when employees connect a device to their enterprise network, they are unknowingly surrendering private data to these devices. If a hacker were to find just one device that was not properly secured on the network, injecting a few lines of malicious code could grant access to the data on that particular device as well as all data stored on the network.
What devices make your network vulnerable?
The short answer: Everything. Your trusted employee badge scanner, conference room scheduling system, connected printers, smart lighting, security cameras, smart TVs, voice over IP, video teleconferencing system, Wi-Fi and even big power generators. Anything that is connected to your network is vulnerable.
Attackers are naturally going to target the weakest link in a network, which is increasingly IoT. On average, we find at least four connected devices for every enterprise employee. And, we expect that number to double over the next three to four years. That equates to an incredible number of vulnerable entry points for a hacker to gain network access to steal and expose private data.
How to reduce your IoT risk
Security begins with knowing what’s on your network. In the age of IoT, visibility and control of devices is a must-have, not a nice-to-have. Businesses need a technology that can discover network infrastructure, physical and virtual systems, managed and unmanaged endpoints as well as IoT and rogue devices.
Once businesses have full visibility of what’s on their network, the next step is to control the devices. A viable security product must provide continuous monitoring, be able to immediately determine device behavior, automatically set policies, and understand the context of the network environment and device posture. What’s equally as important is a scalable technology that can work across heterogeneous platforms (on-premises, cloud, data center, etc.) without compromising security as the number of connected devices continues to grow. Only then can an organization achieve a truly comprehensive security stance and keep stealthy hackers at bay.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.