Addressing the Growing IoT Risks to the Enterprise

 
 
By Samuel Greengard  |  Posted 07-17-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Addressing the Growing IoT Risks to the Enterprise
    Next

    Addressing the Growing IoT Risks to the Enterprise

    Many organizations aren't keeping up with key IoT security requirements, and hackers are increasingly planting backdoors to launch automated IoT botnet attacks.
  • Previous
    Risk Rises
    Next

    Risk Rises

    6.4 billion IoT devices currently exist, and that figure is projected to rise to 20 billion by 2020. 65% of enterprises are actively deploying IoT technologies.
  • Previous
    Risk #1: IP-Connected Security Systems
    Next

    Risk #1: IP-Connected Security Systems

    Many security systems use proprietary RF technology that lacks authentication and encryption. Many also fail to use frequency hopping, which protects against jamming and spoofing.
  • Previous
    Risk #2: IP-Connected infrastructure
    Next

    Risk #2: IP-Connected Infrastructure

    HVAC systems typically operate on the same network as internal systems. Thus, hackers can intercept data, escalate privilege and carry out attacks. They can also manipulate controls.
  • Previous
    Risk #3: Connected Printers
    Next

    Risk #3: Connected Printers

    Without physical access, hackers can compromise printers to siphon their private documents. They also can gain administrative control of the printer.
  • Previous
    Risk #4: VoIP Phones
    Next

    Risk #4: VoIP Phones

    These devices can be subject to remote snooping and, in some cases, the speakerphone can be switched on without the knowledge of the user.
  • Previous
    Risk #5: Smart Appliances
    Next

    Risk #5: Smart Appliances

    Lax certificate checking and other vulnerabilities open the door to a man-in-the-middle attack to intercept communications and modify traffic between a client and server.
  • Previous
    Risk #6: Smart Lightbulbs
    Next

    Risk #6: Smart Lightbulbs

    These devices, which rely on mesh networks, can be sniffed by attackers. They can extract password-protected WiFi credentials and other data.
  • Previous
    How an Attack Unfolds
    Next

    How an Attack Unfolds

    Attackers can use the internet—as well as wireless communication protocols like WiFi, Bluetooth and ZigBee—to spread an infection. Any network within wireless range is susceptible.
  • Previous
    Best Practices
    Next

    Best Practices

    Discover and classify all devices at the time they are connected Control network access based on device type and behavior Integrate islands of security and leverage existing investments
  • Previous
    Final Thoughts
    Next

    Final Thoughts

    Security teams should consider a comprehensive and agentless approach that delivers real-time visibility into devices, while eliminating the need for constant re-deployment of security controls.
 

So far, security concerns about the internet of things (IoT) have revolved mostly around consumer devices. Yet, as enterprises ratchet up their connections across people, devices and machines, exposure points and risks grow exponentially. A recent report from network management firm ForeScout—"How Hackable Is Your Smart Enterprise?"—found that many organizations aren't keeping up with key IoT security requirements. In fact, some IoT devices can be hacked in three minutes or less, but remediation can take weeks. In addition, hackers are increasingly planting backdoors to launch automated IoT botnet attacks, and they are using jamming and spoofing techniques to hack smart enterprise systems. That enables them to steal data, snoop on calls, and control motion sensors, locks, surveillance equipment and more. As organizations move to IP platforms and adopt connected systems—including phones, HVAC systems and other smart machines—the risk of fiscal and physical damage grows. Here's a look at some of the key IoT danger points and what organizations can do to mitigate risks and vulnerabilities.

 
 
 
 
 
Samuel Greengard writes about business and technology for Baseline, CIO Insight and other publications. His most recent book is The Internet of Things (MIT Press, 2015).

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register