Cyber adversaries know that one small IoT sensor can provide entry into a corporate network to launch ransomware attacks and more. According to a survey of IT decision-makers by Palo Alto Networks, 80% of respondents from the Asia Pacific (including Japan), who have IoT devices connected to their organization’s network, reported an increase in non-business IoT devices on corporate networks in the last year. Smart light bulbs, heart rate monitors, connected gym equipment, coffee machines, game consoles and even pet feeders are among the list of the strangest devices identified on such networks in the study.
Survey responses point to security changes needed to protect corporate networks from non-business IoT devices. Of the same group, 98% indicated their organization’s approach to IoT security needs improvement, and three out of ten (30%) said it needs a complete overhaul, with the greatest security capability needs around threat protection (57%), risk assessment (57%), IoT device context for security teams (60%), and device visibility and inventory (56%).
“IoT adoption has become a critical business enabler. It presents new security challenges that can only be met if employees and employers share responsibility for protecting networks,” said Vicky Ray, principal researcher, Unit 42 at Palo Alto Networks. “Remote workers need to be aware of personal home devices that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks while practising proper network segmentation to safeguard remote employees and the organization’s most valuable assets.”
Notably, of all the Asia Pacific (including Japan) IT decision-makers polled by Palo Alto Networks that have IoT devices connected to their network, over half (53%) indicated that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications (e.g. HR system, email server, finance system, etc.). Another 28% of respondents said that IoT devices are micro-segmented within security zones, an industry best practice in which organizations create tightly controlled security zones on their networks to isolate IoT devices and keep them separate from IT devices, preventing hackers from moving laterally on a network.