What is the impact of shadow IoT devices on the enterprise?
The Internet of Things (IoT) is the undisputed future of our world. So far, the possibilities appear limitless as we move forward into a more connected future. IoT has the potential to improve healthcare, agriculture, climate change, and so much more.
However, nothing in this world is perfect, and IoT is no exception to that rule. One of the most pressing issues surrounding IoT is security, which, of course, is not an area that allows compromise. There's something especially sinister about hacked IoT devices; just a quick Google search will get you bloodcurdling videos of baby monitors hacked by a creepy criminal in a singsong.
Of course, we all have little tricks that we do to protect ourselves on our personal devices (like Blu Tack over your webcam). However, as IT professionals will know well, cybersecurity is very 'better the devil you know' in that it's far easier to protect devices you're aware of against threats that you are, too, aware of – but what about the devices you're not aware of?
Hidden in the shadows
Shadow IoT is haunting enterprises, and some of them don't even know it. What it refers to is IoT-driven devices or sensors that are in active use without an organisation being aware. Now more than ever, it's difficult for businesses to police devices. This is with particular thanks to trends such as bring-your-own-device, as well as ever-increasing uptake of connected devices.
Worse still, there's a kind of hierarchy of connected devices we wish to secure. Things like mobile phones, laptops, and tablets are pretty obvious, and more often that not, organisations do a good job securing them. However, it's the devices such as smart fridges or thermostats that tend to catch organisations out.
Unfortunately, these devices don't always reside on an organisation's network. In turn, they are forgotten, making them prime targets for hackers to exploit. In particular, cybercriminals will tap into IoT devices to steal data or carry out ransomware attacks. Hackers may also compromise IoT devices to be able to spy on organisations and steal corporate secrets.
Thus, organisations have a responsibility to ensure they are effectively vetting all IoT devices and not losing sight. In particular, it helps to document each IoT-powered device on the premises and to check in with them regularly to see if they need updating.
However, risk mitigation must be an enterprise-wide effort rather than just that of the IT teams. Businesses must encourage individuals to take responsibility for the devices they are using in-office.
Like most security risks, a little cyber education goes a long way. Explain the issue to your workforce, raise awareness, keep those malicious actors out, and enjoy a prosperous, more connected, and data-driven future.
What happens in the aftermath of a data breach? Find out here.