Connected teddy bears, connected coffee machines and connected cars are just some of the unusual Internet of Things (IoT) devices being insecurely connected to corporate networks that could leave whole organisations open to cyberattacks.
A research paper by Palo Alto Networks details the surge in IoT devices being connected to corporate networks and their wide variety.
More on privacy
Some of the most common irregular devices being connected to organisations’ networks include connected vehicles, connected toys and connected medical devices, with connected sports equipment such as fitness trackers, gaming devices and connected cars also being deployed.
These devices are being connected because they can often help people through the working day or help manage aspects of their personal life, but they’re also creating additional problems for the corporate network.
In many cases, these ‘shadow IoT’ devices are being added to the network without the knowledge of the security team.
This could potentially leave the corporate network vulnerable because not only do some IoT devices have poor security that means they can easily be discovered and exploited, the way some workplaces still have flat networks means that if a device is compromised, an attacker can move from the IoT product to another system.
“If a device has an IP address it can be found. Sadly all too often they fail to have the most basic or complete lack of cybersecurity controls, using standard passwords, having no patching process and no basic firewall controls,” Greg Day, VP and CSO for EMEA at Palo Alto Networks, told ZDNet.
“Considering some are so cheap, the cost of adding security simply isn’t considered viable.”
Even IoT devices that have been connected to the network by the organisation itself can contain security vulnerabilities that can allow hackers to gain full access to the network. One famous example of this saw cyber criminals exploit a connected fish tank to hack into the network of a casino and steal information about customers.
Many organisations need to get a better hold of the IoT devices that are connected to the corporate network and only then can they look to secure them from being exploited if they’re discovered by cyberattackers.
The key to this is being able to see the devices on the network and ensuring that IoT products are segmented so they can’t serve as a gateway to a bigger, more extensive attack.
“We live in a business world where IoT rightly opens up new business opportunities that should be embraced. However, businesses need to know what and why something connected into their digital processes,” said Day.
“Businesses need to be able to identify new IoT devices, outline what normal looks like to define what it should connect with – the segmentation part – and of course also monitor to check it does as it is predicted, to recognise any threats or risk,” he added.
MORE ON CYBERSECURITY
- IoT security: Where do we go from here?
- How to secure your IoT devices from botnets and other threats TechRepublic
- IoT security: How these unusual attacks could undermine industrial systems
- IoT attacks are getting worse — and no one’s listening CNET
- Cybersecurity: These are the Internet of Things devices that are most targeted by hackers