Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Internet of Things Security Challenging Enterprise Networks: Survey

While there have increasingly been many predictions about the impact the Internet of Things (IoT) will have on organizations in the future, it appears that the number of non-traditional devices connected to corporate networks is already challenging enterprises.

While there have increasingly been many predictions about the impact the Internet of Things (IoT) will have on organizations in the future, it appears that the number of non-traditional devices connected to corporate networks is already challenging enterprises.

According to a study by Atomik Research and security firm Tripwire, employed people working from home have an average of 11 IoT devices on their home networks, and nearly one in four have connected one of these devices to their enterprise networks. The devices run the gamut, with printers (27 percent), routers (22 percent), video equipment (20 percent) and video gaming consoles (14 percent) the most popular. Twenty-four percent of them admitted to connecting a personal smart device – other than laptops and cell phones – to a corporate network, and most said they are only “somewhat” concerned with the security of these devices.

“Network monitoring and change control policies provide the foundation for enterprises to quickly recognize new devices being connected to the corporate network,” said Craig Young, security researcher for Tripwire. “Unauthorized devices should stand out like a sore thumb by performing continuous or periodic network scans. This type of change can trigger an administrative response to disable or isolate the unknown device as an active enforcement of corporate policies.”

The survey fielded responses from 404 IT professionals, 603 employed consumers who work from home and 302 executives from the retail, energy and financial services in the U.S. and the U.K. Less than one in four of the IT professionals surveyed said they are confident in the secure configuration of common IoT devices that are already on enterprise networks: Voice over Internet Protocol (VoIP) phones (21 percent), sensors for physical security (20 percent), smart controllers for lights and HVAC (16 percent), point-of-sale devices (18 percent) and industrial controllers (12 percent).

Interestingly, while only eight percent of the respondents who work in IT in the energy industry said they were concerned about cybercriminals attacking industrial controllers, 88 percent admitted they are not confident in the secure configuration of those controllers.

Among its other findings, the survey also reported that 63 percent of executives expect business efficiencies and productivity will force them to adopt IoT devices despite the security risks. Still, 46 percent said the risks associated with IoT have the potential to become the most significant risk on their networks.

“Proper network segmentation and firewalling is definitely good security hygiene and will mitigate some of the risks associated with these systems but this alone is generally not enough to keep the determined attacker out of your system,” Young said. “By implementing these security controls the attacker may be prevented from launching certain direct attacks but persistent attackers have shown in the past the capability to move laterally through an organization in spite of segmentation and firewalls. If for example an HVAC system that is isolated from important corporate systems is compromised, the attacker may still be able to steal passwords or implant exploits to further their access into an organization. Target’s breach after all was ultimately linked back to network credentials stolen from an HVAC subcontractor.” 

The survey can be downloaded here. 

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.