This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Building AppSec in Enterprises
  • Contact
    • Editorial Guidelines
  • Advertise
Home » IoT: A Hacker’s Wonderland in the Enterprise
Cyber Security News

IoT: A Hacker’s Wonderland in the Enterprise

connected devices
January 12, 2016
Chris Rouland
KEYWORDS Bring Your Own Device (BYOD) / connected devices / Internet of Things (IoT) / network security / threat vectors
Reprints
No Comments

Last year’s holiday season saw a large number of families giving or receiving connected devices. Apple Watches, Samsung Smart TVs, connected home devices, Internet-enabled toys like Hello! Barbie and Star Wars droids were last year’s hot gift items. Enterprises need to be prepared for the influx of devices that will be walking through the door this January. No matter what policy is in place, employees will find ways to bring devices into the workplace. Knowing the risks associated with these devices will allow companies to prepare for the potential risks.

Sensitive Data at Risk
When was the last time you read the Apple update policy agreement? Most likely not very recently, and the same goes for the large majority of employees. Consumers are largely unaware and unconcerned about the privacy policies that come with applications, products and online activity. The use of connected devices becomes a concern for enterprises when company data is being uploaded to these devices.

 Threat Vectors Multiply
Wearables and BYOD devices, whether company issued or brought in by gadget junkies, will mean a steady increase of data moving on the corporate network. Unfortunately, this only means bad news for enterprises. Hackers are realizing the lack of security on these devices as the rush to market overrules the priority for device security. Personal identifiable information or sensitive data being leaked from these insecure devices can have a potentially catastrophic consequence when in the wrong hands. The average breach can take months to discover, therefore it is important for corporations to act preemptively by learning device traffic patterns and be able to identify anomalies.

Be Mindful of Your Network Bandwidth
According to a recent survey, a three-time growth in wearables is expected in the enterprise in the next two years. This number is even larger when customers entering the enterprise are factored in. IDC predicts that by 2017, networks will go from surplus to constrained with 10 percent of networks unable to host proper traffic flow. Network bandwidth is already stretched from live streaming of videos and social networks. In many cases, with the addition of potentially thousands of new devices streaming data through the corporate network, it is very possible that current bandwidths will not be able to adapt. Enterprises need to take a look at current bandwidths and keep in mind that BLT/LTE devices require an enormous allocation, approximately 20 Mb/s each. Now add in the automated building systems being installed and clearly network bandwidth becomes a big issue.

Patches – They Will Become the Bane of Your Existence
Imagine issuing a patch to all Internet-connected devices in your airspace. Now imagine adding 3,000 light bulbs, 40 Nest thermostats and 500 Fitbits to the list of devices needing patches monthly. Now take into consideration that most connected devices must run on low energy and therefore cannot be patched wirelessly. You can see where this is going. In upcoming years when there are trillions of patches to be made, the drain on resources will be costly.

Prevention is Key
To prevent an enterprise from becoming a hacker’s wonderland, organizations must begin to take IoT security seriously. The threat is real and policies and procedures must be put in place, as it is only a matter of time before enterprises start to find compromises that are entering their networks through IoT devices.

Subscribe to Security Magazine

Chris Rouland is Co-Founder and Chief Technology Officer of Bastille a security solutions company focused exclusively on providing intrusion detection and vulnerability assessment for the Internet of Things (IoT). With more than 50 billion connected devices expected by 2020, Bastille is pioneering security for enterprise IoT with a committed focus on detecting and mitigating airborne threats.

Related Articles

Could a Device Labeling System Under the Trump Administration Lead to Better IoT Security?

Exploring the Wide-Ranging IoT Risks in Healthcare

Related Products

The Database Hacker's Handbook: Defending Database Servers

Related Events

Demystifying IoT and Its Impact on the Security Professional

The Amphion Forum

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

Mark Hargraves

Security Industry Mourns Passing of Mark Hargraves

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

SEC1219-Cover-Feat-slide1_900px

Contracted vs. In-House Guarding: No Universal Right Answer

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe. Organizations need to be prepared through a unified and rapid response to these events.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing