Employees are bringing their own Internet of Things connected devices to the workplace and could be putting organisations at risk from cyberattacks because enterprise security teams aren't always aware that these devices are connected to the network.
People are increasingly turning to IoT products like fitness trackers, smart watches, medical devices and more in their everyday lives and in many cases they're connecting them to enterprise networks, but often they're doing this without disclosing it to their IT department.
According to figures from cybersecurity company Infoblox, almost half of organisations (46%) have discovered 'shadow' IoT devices on their network during the past year. Only a quarter of organisations found no shadow IoT devices on their network at all.
Employees connecting these products to the network is increasingly the norm, yet while it brings convenience for users, the increased use of connected devices – especially those that weren't known to the organisation – brings increased risk from cyberattacks and hacking.
Security standards for IoT devices aren't as stringent as they are for other products such as smartphones or laptops, so in many cases IoT manufacturers have been known to ship highly insecure devices, and sometimes these products never receive any sort of patch, either because the user isn't aware of how to apply it or because the company never issues one.
A large number of connected devices are also easily discoverable with the aid of IoT search engine Shodan.
Not only does this leave IoT products potentially vulnerable to being compromised and roped into a botnet; insecure IoT devices connected to corporate networks could also enable attackers to use something as trivial as a fitness tracker or a smart watch as an entry point into the network, and use it as a means of further compromise.
"Personal IoT devices are easily discoverable by cybercriminals, presenting a weak entry point into the network and posing a serious security risk to the organisation. Without a full view of the security policies of the devices connected to their network, IT teams are fighting a losing battle to keep the ever-expanding network perimeter safe," said Malcolm Murphy, technical director for EMEA at Infoblox.
To protect against the threat posed by shadow IoT, the report recommends that organisations ensure they're fully aware of what devices are connected to the network and that any suspicious or unknown web traffic is quickly identified. Any IoT devices on the network should also avoid using default passwords.