Skip to main content

Explosion of Personal and IoT Devices on Enterprise Networks Introduces Immense Security Risk

Infoblox announced new research that exposes the significant threat posed by shadow devices on enterprise networks.

The report titled “What’s lurking on your network: Exposing the threat of shadow devices” found that enterprise networks across the US, UK and Germany have thousands of shadow personal devices - such as laptops, kindles and mobile phones - and Internet of Things (IoT) devices – such as digital assistants and smart kitchen appliances – connecting to their network.

Over a third of companies in the US, UK and Germany (35 percent) reported more than 5,000 personal devices connecting to the network each day. Employees in the US and UK admitted to connecting to the enterprise network for a number of reasons, including to access social media (39 percent), as well as to download apps, games and films (24 percent, 13 percent and 7 percent respectively). These practices open organizations up to social engineering hacks, phishing and malware injection.

Conversely, just 16 percent of IT directors in the UAE reported having more than 500 personal devices connecting to their networks.

Ashraf Sheet, Regional Director Middle East & Africa at ‎Infoblox says, “It is clear that organisations cannot rely upon employees to follow their security policy for connected devices. Network and security professionals must actively manage the threat introduced by shadow devices by restricting access to certain sites, adopting a solution that provides full visibility of all devices and securing the enterprise DNS infrastructure.”

A third of companies in the US, UK and Germany have more than 1,000 shadow IoT devices connected to their network on a typical day, with 12 percent of UK organizations reporting having more than 10,000.

The most common devices found on enterprise networks included:

Fitness trackers, such as FitBit or Gear Fit – 49 percent
Digital assistants, such as Amazon Alexa and Google Home – 47 percent
Smart TVs – 46 percent
Smart kitchen devices, such as connected kettles or microwaves – 33 percent
Games consoles, such as Xbox or PlayStation – 30 percent
Such devices are easily discoverable by cybercriminals online via search engines for internet-connected devices, like Shodan, which provides even lower level criminals with an easy means of identifying a vast number of devices on enterprise networks that can then be targeted for vulnerabilities. For example, in March 2018:

There were 5,966 identifiable cameras deployed in the UK
There were 2,346 identifiable Smart TVs deployed in Germany
There were 1,571 identifiable Google Home deployed in the US
To manage the security threat posed by shadow personal devices and IoT devices in the network, 82 percent of organizations have introduced a security policy for connected devices. However, IT directors appear misguided in their estimation for how effective these policies are.

While 88 percent of the IT leaders that responded to the survey believe that their security policy is either effective or very effective, nearly a quarter of employees from the US and UK that we surveyed (24 percent) did not know if their organization had a security policy.

Of those that reported that their organization did have a security policy for connected devices, 20 percent of UK respondents claimed they either rarely, or never, follow it. And, only one fifth of respondents in the US and UK reported that they followed it by the book.

Gary Cox, Technology Director, Western Europe at Infoblox commented: “Due to the poor security levels of many consumer and IoT devices, there is a very real threat posed by those operating under the radar of organisations’ traditional security policies. These devices present a weak entry point for cybercriminals into the network, and a serious security risk to the company.”

“Networks need to be a frontline defence; second only to having good end user education and appropriate security policies. Gaining full visibility into all connected devices, whether on premise or while roaming, as well as using intelligent DNS solutions to detect anomalous and potentially malicious communications to and from the network, can help security teams to detect and stop cybercriminals in their tracks.”

Comments

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…

The Workplace of the Future

By: Arnab Ghosh – Director, Synergy Property Development Services)
Workplaces are undergoing a major transformation today to stay relevant. Conventional space planning and design approach for office space are slowly but steadily changing across the globe. What was a trickle a decade back is snowballing into a movement as we speak? The nature of the work we do and the time we spend in our workplace is driving this change. 
The Social Workplace The original office in the west was originally based on the factory floor design. The Workers occupied the maximum space followed by Managers and the Senior Executives in their glass cabins. The term “productivity” also has industrial roots. There were well-defined tasks and targets for the employees to achieve in their working time. All these have changed drastically over the last few decades and going to change further in the future. The culture of organizations has to adapt to this change to stay ahead and retain talent. Productivity is no long…