Addressing the Growing IoT Risks to the Enterprise

Samuel Greengard Avatar

Updated on:

Addressing the Growing IoT Risks to the Enterprise

Addressing the Growing IoT Risks to the EnterpriseAddressing the Growing IoT Risks to the Enterprise

Many organizations aren’t keeping up with key IoT security requirements, and hackers are increasingly planting backdoors to launch automated IoT botnet attacks.

Risk RisesRisk Rises

6.4 billion IoT devices currently exist, and that figure is projected to rise to 20 billion by 2020. 65% of enterprises are actively deploying IoT technologies.

Risk #1: IP-Connected Security SystemsRisk #1: IP-Connected Security Systems

Many security systems use proprietary RF technology that lacks authentication and encryption. Many also fail to use frequency hopping, which protects against jamming and spoofing.

Risk #2: IP-Connected infrastructureRisk #2: IP-Connected Infrastructure

HVAC systems typically operate on the same network as internal systems. Thus, hackers can intercept data, escalate privilege and carry out attacks. They can also manipulate controls.

Risk #3: Connected PrintersRisk #3: Connected Printers

Without physical access, hackers can compromise printers to siphon their private documents. They also can gain administrative control of the printer.

Risk #4: VoIP PhonesRisk #4: VoIP Phones

These devices can be subject to remote snooping and, in some cases, the speakerphone can be switched on without the knowledge of the user.

Risk #5: Smart AppliancesRisk #5: Smart Appliances

Lax certificate checking and other vulnerabilities open the door to a man-in-the-middle attack to intercept communications and modify traffic between a client and server.

Risk #6: Smart LightbulbsRisk #6: Smart Lightbulbs

These devices, which rely on mesh networks, can be sniffed by attackers. They can extract password-protected WiFi credentials and other data.

How an Attack UnfoldsHow an Attack Unfolds

Attackers can use the internet—as well as wireless communication protocols like WiFi, Bluetooth and ZigBee—to spread an infection. Any network within wireless range is susceptible.

Best PracticesBest Practices

Discover and classify all devices at the time they are connected
Control network access based on device type and behavior
Integrate islands of security and leverage existing investments

Final ThoughtsFinal Thoughts

Security teams should consider a comprehensive and agentless approach that delivers real-time visibility into devices, while eliminating the need for constant re-deployment of security controls.

Samuel Greengard Avatar