k_Street Consulting, LLC Blog
How Much Risk Can the IoT Cause?
The Internet of Things is rapidly growing in popularity, which makes it all the more likely that some IoT devices will make their way into your office. Also growing: the reputation that these devices have as vulnerabilities to your organizational security. In an increasingly connected world, it is important to remember how the IoT could quickly become a hindrance to your business if not managed properly.
Let’s explore some of the risks that the IoT can present.
The Security Issues of the IoT
The Internet of Things has added utility to many devices, expanding their potential in ways that would otherwise be impossible. This has only been further augmented by the access to personal devices that many employees enjoy through Bring Your Own Device policies.
However, these benefits have come with an assortment of considerable risks alongside them. Devices that are a part of the IoT are notoriously vulnerable to many cyberattacks, which means that they could potentially be used as a point of access to your business’ network. From there, a cybercriminal has plenty of opportunities to create issues - whether that’s by stealing your data, hijacking your devices to be used in a botnet, or whatever their goal may be.
This problem is only exacerbated by the tendency for IoT devices to go without updates, whether through the negligence of the manufacturer or of the consumer. Without these updates, security flaws go unresolved, and the devices are thereby left vulnerable.
Consider how many devices are now manufactured that connect to the Internet. Smart watches and other wearables, smart speakers and televisions - really, almost anything with the word “smart” in its name - we have more or less surrounded ourselves with the Internet of Things. This includes the time we spend in the workplace, despite many of these devices not being visible on the network to IT. As a result, it has become almost impossible to track all the devices that attach to a network, which has developed into a new issue for businesses.
Thanks to the public demand for convenience and advanced functionality, more and more IoT devices are being manufactured all the time. If any of these devices makes its way into your office without the knowledge and approval of IT, you have a shadow IoT problem.
If you do, you aren’t alone.
In 2017, 100 percent of organizations surveyed by an IoT security firm were found to have consumer IoT devices on the network that qualified as shadow IoT. Another report, from 2018, stated that one-third of United States, United Kingdom, and German companies have over 1,000 shadow IT devices on their networks every day. Combine this with the security shortcomings discussed above, and you have a recipe for a cybersecurity disaster.
You may remember the Mirai botnet, which struck back in 2016. This botnet was built up of over 600,000 devices at its peak and focused primarily on IoT devices. Once these devices were identified by Mirai, they would be attacked and infected, adding more computing power to the botnet. Mirai is far from the only example, too… cybercriminals have been known to hack into IoT devices to gain network access, spy and listen in on conversations, and otherwise prove themselves to be a nuisance.
How to Minimize Shadow IoT
Clearly, shadow IoT isn’t a good thing for any organization. There are a few things you can do to help protect your business from the security issues that shadow IoT can cause.
- Accept IoT devices in the workplace. If your employees really want to use one of their devices at work, they’re going to. Instead of shooting down requests to bring in these devices, make it easier for your employees to do so through the proper channels - and make sure your employees are aware of these channels. Openness and cooperation can be effective tools as you try to get your team on the same page you’re on.
- Keep IoT devices separate. To better protect your network, you will want to consider utilizing a dedicated Wi-Fi network for IoT devices, configured to allow them to transmit the information they generate while blocking any incoming calls to them. This will help prevent threats from being transmitted to IoT devices.
- Seek out potential threats. Not all shadow IoT necessarily can be found on an organization’s network, as over 80 percent of the IoT is wireless. This means that you need to be monitoring your wireless signals for shadow IoT devices and networks.
Your business’ security is important - too important to be undermined by an insecure consumer device that was brought in without your knowledge. You need to get out ahead of shadow IoT, as well as the other threats that could do your business harm.
k_Street Consulting, LLC can help. Our professionals are well-versed in cybersecurity best practices and how to use them to your benefit. To find out more about what we can do for your business, reach out to us at (202) 640-2737.