As more and more employees bring their connected devices to their workplaces, these devices, called “Shadow IoT”, create new security vulnerabilities within organizations.
The more connected devices employees bring to their workplaces, the greater the threat to the security of their corporate networks. By bringing their own connected devices to work, employees put the organizations that employ them at risk, because security teams are not always aware that these devices are connected to the network.
This phenomenon, dubbed “Shadow IoT”, stems from the success of the Internet of Things and the proliferation of connected objects sold to the general public. Every day, more and more people are equipped with connected devices, such as fitness monitoring devices, smartwatches or even medical devices.
Very often, they connect these objects to the network of their workplace without informing the IT departments of the organizations that employ them.
According to the latest figures from security firm Infoblox, almost half of companies (46%) found such “ghost” connected devices on their network last year. Only a quarter of the companies did not find any “ghost” connected devices on their network.
Minimum Security Standards
The security standards for these connected objects are often faulty or in any case less strict than for other products such as smartphones or laptops. In many cases, manufacturers of connected devices are known to deliver very insecure devices. Sometimes these products never receive a patch, either because the user doesn’t know how to apply it, or because the company never publishes it.
Connected devices are not only potentially vulnerable to being recruited into a botnet; once connected to corporate networks, they could also serve as an entry point for attackers, who could use them as additional leverage.
To protect against the threat of Shadow IoT, the report says that companies are making sure they fully understand the devices connected to the network and that they can easily identify suspected or unknown web traffic. Any device connected to the network should also avoid using standard passwords.
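One way to build that visibility, as an added example that is not from the Infoblox report or the original article: reconcile a DHCP lease export against the approved asset inventory and list every device the IT department does not know about. The lease format, the inventory and the function names are assumptions, and all sample data is constructed.

```python
import csv
import io

# Constructed sample data: approved asset inventory (MACs in mixed notations).
APPROVED_INVENTORY = {"00-11-22-AA-BB-01", "0011.22aa.bb02"}

# Constructed DHCP lease export, oldest first: lease_start, mac, ip, hostname.
SAMPLE_LEASES = """\
2024-01-08T08:55:02,00:11:22:aa:bb:01,10.0.5.20,laptop-finance-01
2024-01-08T09:01:44,00:11:22:AA:BB:02,10.0.5.21,printer-2f
2024-01-08T09:03:10,a4:5e:60:12:34:56,10.0.5.77,fitness-band
2024-01-08T09:07:31,a6:5e:60:99:88:77,10.0.5.78,
2024-01-08T12:40:00,a4:5e:60:12:34:56,10.0.5.77,fitness-band
"""

def normalize_mac(mac):
    """Reduce colon, dash or dot notation to 12 lowercase hex digits."""
    digits = mac.lower().translate(str.maketrans("", "", ":-."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac12):
    """True if the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(mac12[:2], 16) & 0x02)

def find_unknown_devices(lease_csv, approved):
    """Return one record per leased MAC that is absent from the inventory."""
    approved_norm = {normalize_mac(m) for m in approved}
    unknown = {}
    for start, mac, ip, hostname in csv.reader(io.StringIO(lease_csv)):
        key = normalize_mac(mac)
        if key in approved_norm:
            continue
        entry = unknown.setdefault(key, {
            "mac": key, "first_seen": start, "ips": set(), "leases": 0,
            "hostname": hostname or "(none)",
            "randomized_mac": is_locally_administered(key),
        })
        entry["ips"].add(ip)
        entry["leases"] += 1
    return sorted(unknown.values(), key=lambda e: e["first_seen"])

if __name__ == "__main__":
    for device in find_unknown_devices(SAMPLE_LEASES, APPROVED_INVENTORY):
        print(device)
```

Devices flagged with `randomized_mac` cannot be tied to an inventory entry by MAC alone, so they need a second identifier such as the switch port or an authenticated login.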