IoT: A Hacker’s Wonderland in the Enterprise

January 12, 2016

Last year’s holiday season saw a large number of families giving or receiving connected devices. Apple Watches, Samsung Smart TVs, connected home devices, Internet-enabled toys like Hello! Barbie and Star Wars droids were last year’s hot gift items. Enterprises need to be prepared for the influx of devices that will be walking through the door this January. No matter what policy is in place, employees will find ways to bring devices into the workplace. Knowing the risks associated with these devices will allow companies to prepare for the potential risks.

Sensitive Data at Risk
When was the last time you read the Apple update policy agreement? Most likely not very recently, and the same goes for the large majority of employees. Consumers are largely unaware and unconcerned about the privacy policies that come with applications, products and online activity. The use of connected devices becomes a concern for enterprises when company data is being uploaded to these devices.

Threat Vectors Multiply
Wearables and BYOD devices, whether company issued or brought in by gadget junkies, will mean a steady increase of data moving on the corporate network. Unfortunately, this only means bad news for enterprises. Hackers are realizing the lack of security on these devices as the rush to market overrules the priority for device security. Personal identifiable information or sensitive data being leaked from these insecure devices can have a potentially catastrophic consequence when in the wrong hands. The average breach can take months to discover, therefore it is important for corporations to act preemptively by learning device traffic patterns and be able to identify anomalies.

Be Mindful of Your Network Bandwidth
According to a recent survey, a three-time growth in wearables is expected in the enterprise in the next two years. This number is even larger when customers entering the enterprise are factored in. IDC predicts that by 2017, networks will go from surplus to constrained with 10 percent of networks unable to host proper traffic flow. Network bandwidth is already stretched from live streaming of videos and social networks. In many cases, with the addition of potentially thousands of new devices streaming data through the corporate network, it is very possible that current bandwidths will not be able to adapt. Enterprises need to take a look at current bandwidths and keep in mind that BLT/LTE devices require an enormous allocation, approximately 20 Mb/s each. Now add in the automated building systems being installed and clearly network bandwidth becomes a big issue.

Patches – They Will Become the Bane of Your Existence
Imagine issuing a patch to all Internet-connected devices in your airspace. Now imagine adding 3,000 light bulbs, 40 Nest thermostats and 500 Fitbits to the list of devices needing patches monthly. Now take into consideration that most connected devices must run on low energy and therefore cannot be patched wirelessly. You can see where this is going. In upcoming years when there are trillions of patches to be made, the drain on resources will be costly.

Prevention is Key
To prevent an enterprise from becoming a hacker’s wonderland, organizations must begin to take IoT security seriously. The threat is real and policies and procedures must be put in place, as it is only a matter of time before enterprises start to find compromises that are entering their networks through IoT devices.

Chris Rouland is Co-Founder and Chief Technology Officer of Bastille a security solutions company focused exclusively on providing intrusion detection and vulnerability assessment for the Internet of Things (IoT). With more than 50 billion connected devices expected by 2020, Bastille is pioneering security for enterprise IoT with a committed focus on detecting and mitigating airborne threats.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

IoT: A Hacker’s Wonderland in the Enterprise

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

IoT: A Hacker’s Wonderland in the Enterprise

Related Articles

Related Products

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.