IoT: A Hacker’s Wonderland in the Enterprise

January 12, 2016

Last year’s holiday season saw a large number of families giving or receiving connected devices. Apple Watches, Samsung Smart TVs, connected home devices, Internet-enabled toys like Hello! Barbie and Star Wars droids were last year’s hot gift items. Enterprises need to be prepared for the influx of devices that will be walking through the door this January. No matter what policy is in place, employees will find ways to bring devices into the workplace. Knowing the risks associated with these devices will allow companies to prepare for the potential risks.

Sensitive Data at Risk
When was the last time you read the Apple update policy agreement? Most likely not very recently, and the same goes for the large majority of employees. Consumers are largely unaware and unconcerned about the privacy policies that come with applications, products and online activity. The use of connected devices becomes a concern for enterprises when company data is being uploaded to these devices.

Threat Vectors Multiply
Wearables and BYOD devices, whether company issued or brought in by gadget junkies, will mean a steady increase of data moving on the corporate network. Unfortunately, this only means bad news for enterprises. Hackers are realizing the lack of security on these devices as the rush to market overrules the priority for device security. Personal identifiable information or sensitive data being leaked from these insecure devices can have a potentially catastrophic consequence when in the wrong hands. The average breach can take months to discover, therefore it is important for corporations to act preemptively by learning device traffic patterns and be able to identify anomalies.

Be Mindful of Your Network Bandwidth
According to a recent survey, a three-time growth in wearables is expected in the enterprise in the next two years. This number is even larger when customers entering the enterprise are factored in. IDC predicts that by 2017, networks will go from surplus to constrained with 10 percent of networks unable to host proper traffic flow. Network bandwidth is already stretched from live streaming of videos and social networks. In many cases, with the addition of potentially thousands of new devices streaming data through the corporate network, it is very possible that current bandwidths will not be able to adapt. Enterprises need to take a look at current bandwidths and keep in mind that BLT/LTE devices require an enormous allocation, approximately 20 Mb/s each. Now add in the automated building systems being installed and clearly network bandwidth becomes a big issue.

Patches – They Will Become the Bane of Your Existence
Imagine issuing a patch to all Internet-connected devices in your airspace. Now imagine adding 3,000 light bulbs, 40 Nest thermostats and 500 Fitbits to the list of devices needing patches monthly. Now take into consideration that most connected devices must run on low energy and therefore cannot be patched wirelessly. You can see where this is going. In upcoming years when there are trillions of patches to be made, the drain on resources will be costly.

Prevention is Key
To prevent an enterprise from becoming a hacker’s wonderland, organizations must begin to take IoT security seriously. The threat is real and policies and procedures must be put in place, as it is only a matter of time before enterprises start to find compromises that are entering their networks through IoT devices.

Chris Rouland is Co-Founder and Chief Technology Officer of Bastille a security solutions company focused exclusively on providing intrusion detection and vulnerability assessment for the Internet of Things (IoT). With more than 50 billion connected devices expected by 2020, Bastille is pioneering security for enterprise IoT with a committed focus on detecting and mitigating airborne threats.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

IoT: A Hacker’s Wonderland in the Enterprise

Related Articles

Related Products

Related Events

Report Abusive Comment