Cyber adversaries know that one small IoT sensor can provide entry into a corporate network to launch ransomware attacks and more. According to a global survey of IT decision-makers by Palo Alto Networks, 78% of respondents from organizations that have IoT devices connected to their network reported an increase in non-business IoT devices on corporate networks in the last year. Smart home devices such as lightbulbs, wearable devices such as heart rate monitors, connected sports equipment, kitchen appliances such as coffee machines, game consoles and even pet technology are among the strangest devices identified on such networks in the study.
Survey responses point to security changes needed to protect corporate networks from non-business IoT devices. This year, 96% of respondents from organizations that have IoT devices connected to their network indicated their organization’s approach to IoT security needs improvement, and 1 in 4 (25%) said it needs a complete overhaul, with the greatest security capability needs around threat protection (59%), risk assessment (55%), IoT device context for security teams (55%), and device visibility and inventory (52%).
“IoT adoption has become a critical business enabler. It presents new security challenges that can only be met if employees and employers share responsibility for protecting networks,” said Vicky Ray, principal researcher, Unit 42 at Palo Alto Networks. “Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organization’s most valuable assets.”
Of the 1,900 global IT decision-makers polled by Palo Alto Networks this year, half (51%) indicated that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications (e.g., HR system, email server, finance system). Another 26% of respondents said that IoT devices are microsegmented within security zones, an industry best practice in which organizations create tightly controlled security zones on their networks to isolate IoT devices and keep them separate from IT devices to prevent hackers from moving laterally on a network.