IoT: A Hacker’s Wonderland in the Enterprise

Last year’s holiday season saw a large number of families giving or receiving connected devices. Apple Watches, Samsung Smart TVs, connected home devices, Internet-enabled toys like Hello! Barbie and Star Wars droids were last year’s hot gift items. Enterprises need to be prepared for the influx of devices that will be walking through the door this January. No matter what policy is in place, employees will find ways to bring devices into the workplace. Knowing the risks associated with these devices will allow companies to prepare for the potential risks.

Sensitive Data at Risk
When was the last time you read the Apple update policy agreement? Most likely not very recently, and the same goes for the large majority of employees. Consumers are largely unaware and unconcerned about the privacy policies that come with applications, products and online activity. The use of connected devices becomes a concern for enterprises when company data is being uploaded to these devices.

Threat Vectors Multiply
Wearables and BYOD devices, whether company issued or brought in by gadget junkies, will mean a steady increase of data moving on the corporate network. Unfortunately, this only means bad news for enterprises. Hackers are realizing the lack of security on these devices as the rush to market overrules the priority for device security. Personal identifiable information or sensitive data being leaked from these insecure devices can have a potentially catastrophic consequence when in the wrong hands. The average breach can take months to discover, therefore it is important for corporations to act preemptively by learning device traffic patterns and be able to identify anomalies.

Be Mindful of Your Network Bandwidth
According to a recent survey, a three-time growth in wearables is expected in the enterprise in the next two years. This number is even larger when customers entering the enterprise are factored in. IDC predicts that by 2017, networks will go from surplus to constrained with 10 percent of networks unable to host proper traffic flow. Network bandwidth is already stretched from live streaming of videos and social networks. In many cases, with the addition of potentially thousands of new devices streaming data through the corporate network, it is very possible that current bandwidths will not be able to adapt. Enterprises need to take a look at current bandwidths and keep in mind that BLT/LTE devices require an enormous allocation, approximately 20 Mb/s each. Now add in the automated building systems being installed and clearly network bandwidth becomes a big issue.

Patches – They Will Become the Bane of Your Existence
Imagine issuing a patch to all Internet-connected devices in your airspace. Now imagine adding 3,000 light bulbs, 40 Nest thermostats and 500 Fitbits to the list of devices needing patches monthly. Now take into consideration that most connected devices must run on low energy and therefore cannot be patched wirelessly. You can see where this is going. In upcoming years when there are trillions of patches to be made, the drain on resources will be costly.

Prevention is Key
To prevent an enterprise from becoming a hacker’s wonderland, organizations must begin to take IoT security seriously. The threat is real and policies and procedures must be put in place, as it is only a matter of time before enterprises start to find compromises that are entering their networks through IoT devices.

Chris Rouland is Co-Founder and Chief Technology Officer of Bastille a security solutions company focused exclusively on providing intrusion detection and vulnerability assessment for the Internet of Things (IoT). With more than 50 billion connected devices expected by 2020, Bastille is pioneering security for enterprise IoT with a committed focus on detecting and mitigating airborne threats.

Situational awareness should be at the forefront of your security program. It can mean the difference between life and death in a workplace emergency.

Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.