IoT is here to stay, but the proliferation and ubiquity of these devices in the enterprise is creating a much larger attack surface and easy entry points for hackers to gain access to the network. The solution starts with
real-time, continuous visibility and control of devices the instant they connect – you cannot secure what you cannot see.
Industry attention has narrowed in on the threat of commonly known Internet of Things (IoT) devices and their potential safety implications to the home, but there is as much, if not more, to consider when exploring IoT threats in the enterprise. Research into seven common enterprise IoT devices revealed that their core technologies, fundamental development methods and rapid production makes implementing proper security within the software, firmware and hardware a complex, overlooked and often neglected task.
Where Do The Vulnerabilities Lie?
- IP-Connected Security Systems – Use wireless communication to connect with other smart devices for easy entry and access, which can open the floodgates for crafty hackers.
- IP-Connected Infrastructure: Climate Control & Energy Meters – HVAC systems provide an avenue for hackers to gain network access. Enterprises are also using smart electric meters to monitor wireless energy – creating additional risk.
- Smart Video Conference Systems – Enable internet-based streaming, conference calling and screen-sharing, often only requiring the click of a button for users to share screens – and for hackers to commandeer it.
- Connected Printers – Nearly all printers are networked over IP, making them accessible from virtually any computer on the network – and a welcome mat to hackers to infiltrate the enterprise.
- VoIP Phones – VoIP phones leverage the network for many sophisticated features that makes communication easy, not only for employees – but also malicious hackers.
- Smart Fridges – Wi-Fi-enabled refrigerators with LCD screens have access to widely used operational apps (such as scheduling applications, calendars and notification systems) and the credentials stored within.
- Smart Lightbulbs – Smart lightbulbs operate on Wi-Fi and proprietary mesh networks – they can easily integrate into other connected systems that can be controlled by external devices and hackers.
Anatomy of an IoT Attack :
- IoT threats could spread through networks and the internet.
- If a threat were to successfully infect a device and infiltrate one network, it could spread to an entirely separate, segregated network – just by being within wireless range of another IoT device, despite no previous communication between the two.
- IoT threats would work even more effectively by targeting the specialized wireless communication protocols that IoT devices share, such as Wi-Fi, Bluetooth, ZigBee.
While IoT devices make it possible for organizations to run faster and more efficiently, they are too often used with little regard to their security risk. The rush to deliver new types of IoT technologies sacrifices security – almost 100 percent of the time. Once these devices are on the network, it’s easy for malware to compromise them, or for a hacker to gain access through them and steal critical information. It’s a cybersecurity challenge and an opportunity to help CISOs fill the ensuing security gaps. Businesses need an agentless approach to be able to manage their IoT devices – helping them to see the devices in real time. Enterprise IoT devices, some of which were examined in this analysis, are not designed with security agents, and IT departments often turn a blind eye when new devices are added to the corporate network to avoid the hassle of re-deploying their security protections. In the age of IoT, visibility and control of devices on the network is a must have, not a nice to have.