Connected teddy bears, connected coffee machines and connected cars are just some of the unusual Internet of Things (IoT) devices being insecurely connected to corporate networks, which could leave whole organisations open to cyber attacks.
A research paper by Palo Alto Networks details the surge in IoT devices being connected to corporate networks and their wide variety.
Some of the most common irregular devices being connected to organisations’ networks include connected vehicles, connected toys and connected medical devices, with connected sports equipment such as fitness trackers, gaming devices and connected cars also being deployed.
These devices are being connected because they can often help people through the working day or help manage aspects of their personal life, but they’re also creating additional problems for the corporate network.
In many cases, these ‘shadow IoT’ devices are being added to the network without the knowledge of the security team.
This could leave the corporate network vulnerable for two reasons. Some IoT devices have poor security, which means they can easily be discovered and exploited. And because some workplaces still have flat networks, an attacker who compromises an IoT product can move from it to another system.
“If a device has an IP address it can be found. Sadly all too often they fail to have the most basic or complete lack of cyber security controls, using standard passwords, having no patching process and no basic firewall controls,” Greg Day, VP and CSO for EMEA at Palo Alto Networks told ZDNet.
“Considering some are so cheap, the cost of adding security simply isn’t considered viable”.
Even IoT devices which have been connected to the network by the organisation itself can contain security vulnerabilities which can allow hackers to gain full access to the network. One famous example of this saw cyber criminals exploit a connected fish tank to hack into the network of a casino and steal information about customers.
Many organisations need to get a better hold of the IoT devices that are connected to the corporate network and only then can they look to secure them from being exploited if they’re discovered by cyber attackers.
The key to this is being able to see the devices on the network and ensuring that IoT products are segmented so they can’t serve as a gateway to a bigger, more extensive attack.
“We live in a business world where IoT rightly opens up new business opportunities which should be embraced. However, businesses need to know what and why something connected into their digital processes,” said Day.
“Businesses need to be able to identify new IoT devices, outline what normal looks like to define what it should connect with – the segmentation part – and of course also monitor to check it does as it is predicted, to recognise any threats or risk,” he added.