What is lurking on your network? is the question posed by a cyber security company, in a report about how to securely manage shadow devices on enterprise networks. Infoblox found that enterprise networks across the US, UK and Germany have thousands of shadow personal devices – such as laptops, kindles and mobile phones – and Internet of Things (IoT) devices – such as digital assistants and smart kitchen appliances – connecting to their network.
Over a third of companies in the US, UK and Germany (35 percent) reported more than 5,000 personal devices connecting to the network each day. Employees in the US and UK admitted to connecting to the enterprise network for a number of reasons, including to access social media (39 percent), as well as to download apps, games and films (24 percent, 13 percent and 7 percent respectively). These practices open organizations up to social engineering hacks, phishing and malware injection.
Conversely, just 16 percent of IT directors in the UAE reported having more than 500 personal devices connecting to their networks. A third of companies in the US, UK and Germany have more than 1,000 shadow IoT devices connected to their network on a typical day, with 12 percent of UK organiaations reporting having more than 10,000. The most common devices found on enterprise networks included:
Fitness trackers, such as FitBit or Gear Fit – 49 percent
Digital assistants, such as Amazon Alexa and Google Home – 47 percent
Smart TVs – 46 percent
Smart kitchen devices, such as connected kettles or microwaves – 33 percent
Games consoles, such as Xbox or PlayStation – 30 percent
Such devices are easily discoverable by cybercriminals online via search engines for internet-connected devices, like Shodan, the cyber firm adds.
Comments
Gary Cox, Technology Director, Western Europe at Infoblox said: “Due to the poor security levels of many consumer and IoT devices, there is a very real threat posed by those operating under the radar of organizations’ traditional security policies. These devices present a weak entry point for cybercriminals into the network, and a serious security risk to the company.”
“Networks need to be a frontline of defence; second only to having good end user education and appropriate security policies. Gaining full visibility into all connected devices, whether on premise or while roaming, as well as using intelligent DNS solutions to detect anomalous and potentially malicious communications to and from the network, can help security teams detect and stop cybercriminals in their tracks.”
Daniel Moscovici, co-founder of Cy-oT, said “IoT devices are not protected by nature. We need them to improve our businesses and life, but they are a very easy attack surface, and by far the easiest way to get into an organisation, enabling hackers to scan your network, install malware, conduct reconnaissance, and exfiltrate data by bypassing other security mechanisms. The real risk is the fact that these devices are an open door in and out of an organisation. For example, if a hacker is able to infiltrate a video camera, they would be able to steal your pictures and videos; however, this is not the main issue. More importantly, the hacker can reach your more sensitive assets by accessing your network though an insecure device.
“We have seen organisations investing a lot of money in mechanisms to protect their networks, perimeters and endpoints, so attackers will use the path of least resistance in terms of attack surface – connected devices, especially in a wireless environment. However, organisations are unaware that it’s not only the corporate network that is in danger; its airspace is also under threat. Hackers can connect via P2P directly to these assets and, from there, get into the corporate network.
“IoT devices are exposed for multiple reasons. Some of them can have built in vulnerabilities, and are actually shipped from the factory as a hackable device or a ready to use botnet. IoT devices can also be exposed through their cloud or web application services, as these are often not adequately secured. The wireless networks surrounding IoT devices are also highly unprotected; think WPA2 vulnerabilities. Wireless infrastructures are very sensitive, especially where multiple devices from multiple vendors/users are concerned. Some will even be from outside your company walls – for example if an employee takes a company device and connects to a local Starbucks Wi-Fi.
“What is needed is a dedicated cybersecurity solution that monitors both the IoT device and its activity 24 x 7, and can neutralise the threat. By doing this, an organisation will be able to detect when and which devices are at risk, as well as mitigate the threat in real time without physically looking for it. The answer does not lie within the device itself, but with a solution that brings your Security Operations Team visibility and control.”
