
How to Secure Your Company’s Shadow Internet of Things (IoT)

May 27, 2019 | Guest Blogger: Hywel Curtis

The Internet of Things (IoT) is a hot topic in the industry today. Advanced network capabilities combined with low-cost sensors and devices are making it possible for businesses to benefit from large ecosystems of smart machines.

These networks need effective protection from breaches, malware, hacks and other cyber risks. Securing any industrial or corporate IoT network from such threats is no easy task, even when all of the devices are correctly inventoried, categorised and centrally provided.

But this challenge is made even greater when you consider all of the different devices that employees or suppliers may unofficially add to and use on the network. This is known as the ‘shadow IoT’ and it can cause businesses some serious problems.

IT managers need to be able to identify where the holes or weaknesses in the network might be. Of course, they may begin by asking, “Where and how do employees connect unsecured technology?” But that is just the start. They also need to know, “What can be done to ensure the integrity of networks when such a wide range of smart and IoT devices are potentially being used?”

First, let’s take a look at the scale of the problem.

About the Shadow IoT

Employees regularly connect personal devices to company wifi and other networks, and this in itself can cause security issues if mobile certificates aren’t properly managed. But with the lower costs and greater availability of IoT products, smart devices are now being connected and used more regularly than ever.

Gartner predicts there will be over 20 billion IoT devices in use by 2020. Employees are regularly setting up their own equipment including smart speakers and TV screens, or even IoT-enabled coffee machines, fridges and microwaves, all of which will be accessed across the corporate network.

Similarly, external contractors and consultants visiting your offices might ask to hop on to the company wifi to share information, or perhaps connect smart speakers or a wireless projector during a presentation.

These situations leave IT unaware of what is being used on the networks they are trying to protect. In a 2018 study by 802 Secure, Inc, it was found that every single organisation surveyed had found “rogue” IoT devices that were transmitting data to other networks, individuals and the cloud. Examples include misconfigured wireless printers, wireless USB thumb drives connecting to computers both in and out of the corporate network, or even unsecured CCTV cameras.

In addition, 90% reported having shadow IoT networks that were operating separate from the main enterprise infrastructure and oversight. This lack of supervision makes these devices susceptible to attacks, and increasingly the weaknesses are being exploited.

Attacks on Unsecured IoT Devices

Generally, the security protocols on very basic IoT devices are simplistic, standardised (particularly in terms of login credentials and machine identities) and unable to withstand most forms of serious attack.

Significant vulnerabilities have been found in smart home systems and in many common IoT security cameras, for example. This has led to a big increase in IoT breaches in recent years, and many experts believe these will only get more common in the short- to medium-term.

One of the major forms of attack is the IoT botnet—a situation in which an attacker remotely accesses and co-opts a group of smart devices and computer systems in order to carry out illicit transmissions to other systems on the internet. This is also known as a 'thingbot' when just the smart devices are concerned.

Botnets multiply the attacker's available computing power, enabling them to send vast amounts of spam that can bypass filters or carry out Distributed Denial-of-Service (DDoS) attacks to disrupt systems and networks.

On a much smaller scale the most significant security vulnerability is remote access. This may be just an annoyance where a smart light switch or plug is concerned, but could lead to major problems if security cameras or sensors used for manufacturing are compromised. And if an attacker were to access healthcare equipment, such as a cardiac sensor, the potential results are immediately dangerous.

So with such a serious attack vector, how do we secure it?

Securing the Shadow IoT

There are a number of steps that can be taken to prevent a shadow IoT from proliferating at your company, and to secure what devices are currently in use. As usual, when it comes to enhancing network protection there is always a balance between security and efficiency; employees need to be able to do their jobs without being overly limited due to restrictions imposed by IT. Nevertheless, here are some practical steps that can be taken:

Firstly, it is important for IT to know what networks exist, how they are being used and what is connected to them. This requires a sophisticated approach to machine identity management able to cope with the volume of IoT machines being added and data exchange that the IoT can bring.

IoT networks use different frequencies and access protocols to traditional wifi, intranets and other company networks. You can’t necessarily rely on legacy security approaches to ensure they are secure.

Effective management also plays an important role. The 802 Secure, Inc study discussed above also found that 32% of companies didn’t have somebody designated to be responsible for managing IoT risks. Ensure you assign oversight of IoT networks to specific stakeholders so there’s a clear workflow.
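The inventory and ownership points above can be checked mechanically; the following Python is an added example, not code from the original post or from any product it mentions. It reconciles devices seen on the network against an approved inventory and flags unknown devices and inventoried devices with no designated owner. The lease-log format, CSV columns and all sample values are constructed for illustration.

```python
import csv
import io

# Constructed approved inventory: MAC address, description, accountable owner.
INVENTORY_CSV = """mac,description,owner
00:11:22:33:44:01,Lobby CCTV camera,facilities-it
00:11:22:33:44:02,Meeting room display,
00:11:22:33:44:03,Floor 2 printer,print-services
"""

# Constructed lease log (assumed format): timestamp, MAC, IP, client hostname.
LEASES = """2019-05-27T09:01:12Z 00:11:22:33:44:01 10.0.8.21 cctv-lobby
2019-05-27T09:03:40Z 00-11-22-33-44-02 10.0.8.22 display-mr1
2019-05-27T09:15:02Z AA:BB:CC:DD:EE:10 10.0.8.57 smart-speaker
2019-05-27T10:42:55Z AA:BB:CC:DD:EE:11 10.0.8.63 coffee-machine
malformed line
"""

def normalise_mac(mac):
    """Lower-case, colon-separated form so 00-11-.. and 00:11:.. compare equal."""
    digits = mac.lower().replace("-", "").replace(":", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_inventory(text):
    return {normalise_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(text))}

def parse_leases(text):
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        try:
            mac = normalise_mac(parts[1])
        except ValueError:
            continue
        seen[mac] = {"last_seen": parts[0], "ip": parts[2], "hostname": parts[3]}
    return seen

def reconcile(inventory, seen):
    # unknown: on the network but not inventoried (candidate shadow IoT)
    unknown = sorted(m for m in seen if m not in inventory)
    no_owner = sorted(m for m, r in inventory.items() if not r["owner"].strip())
    absent = sorted(m for m in inventory if m not in seen)
    return {"unknown": unknown, "no_owner": no_owner, "absent": absent}

print(reconcile(load_inventory(INVENTORY_CSV), parse_leases(LEASES)))
```

This only covers IP-connected devices that request a lease, and MAC addresses can be changed, so treat the output as a prompt for investigation rather than proof of identity.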

This workflow will need to extend from purchases through setup and to operation and obsolescence. Involving experienced IT staff at all stages, with access to an effective device identity management system, will help employees acquire and use IoT devices safely.

Your staff will always find creative ways to work around network restrictions or policies, often unintentionally. But make sure you regularly communicate the potential implications of exposing the company’s network as many people genuinely don’t know that connecting certain devices is risky.

Ultimately the best way to secure the shadow IoT network is to eliminate it altogether. This is about employee behaviour and corporate policy rather than cybersecurity, but IT has a strong case to make if all machines are being properly tracked and secured.

About the author

Guest Blogger: Hywel Curtis

Hywel Curtis is an experienced communications consultant and content strategist based in the UK. He specialises in helping businesses in the science and technology sectors around the world to grow and develop through better communication.
