Many employees are still connecting unapproved IoT devices to corporate networks and increasing the risk of a data breach, according to a new report from Palo Alto Networks.
In its latest survey, released Wednesday, the company said IT leaders this year told of finding internet-connected pet feeders, smart lightbulbs, heart rate monitors, gym equipment, coffee machines and game consoles on their networks.
The risk is even more serious given the large number of employees working from home who may have risky IoT devices on their networks, the report says.
“Remote workers need to be aware that IoT devices could be compromised and used to move laterally to access their work devices if they’re both using the same home router, which in turn could allow attackers to move onto corporate systems,” the report says.
“Everything using the same Wi-Fi network creates more risk, whether in a living room or at a coffee shop. Enterprise IT teams need to better monitor threats and device access to networks and create a level of segmentation to safeguard remote employees and limit access to the organization’s most valuable assets.”
The survey questioned 1,900 IT decision-makers in 18 countries, including 300 in Canada. Other countries in the survey were the United States, Brazil, United Kingdom, France, Germany, Netherlands, Middle East (comprising UAE and Saudi Arabia), Spain, Italy, Ireland, Australia, China (including Hong Kong), India, Japan, Singapore and Taiwan.
Globally, 37 per cent strongly agreed and 44 per cent somewhat agreed that the shift to remote working during the COVID-19 pandemic has led to an increased risk or greater vulnerability from unsecured IoT devices on their organization’s business network.
Among Canadian respondents, 36 per cent strongly agreed and 51 per cent somewhat agreed with that suggestion.
Asked if the shift to remote working during the COVID-19 pandemic has resulted in an increased number of IoT security incidents for their organization, 34 per cent of respondents globally (and 33 per cent of Canadians) strongly agreed.
“IoT adoption has become a critical business enabler,” said Ivan Orsanic, Canadian-based regional vice-president and country manager at Palo Alto Networks. “It presents new security challenges that can only be met if employees and employers share responsibility for protecting networks.
“Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organization’s most valuable assets.”
Security tips from the report
Tips for work-from-home employees:
- Get more familiar with your router. All of your connected devices likely connect to the internet through your router. Start by changing the default network name (SSID) to something unique and creating a new password, then ensure your router is set to use either WPA3 Personal or WPA2 Personal wireless security to encrypt your connections.
- Keep track of which devices are connected. You can access your router’s web interface and look for “connected devices,” “wireless clients” or “DHCP clients” to see a list. Disconnect older devices you no longer use, and disable remote management on the devices where you don’t need it.
- Segment the home network. Network segmentation is not only for large corporations. You can segment your home network by creating a guest Wi-Fi network. The easiest way to do this is to have IoT devices use a guest Wi-Fi network, while other devices use the main network. This helps to logically group devices in your home and isolate them from each other. Keeping them on a separate network makes it difficult to get to your computers from a compromised IoT device.
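The device-tracking and segmentation tips above can be checked together. The following is an added example, not code from the report or from Palo Alto Networks: it assumes a router that exposes its DHCP client list in the dnsmasq lease-file layout, a hypothetical household inventory keyed by MAC address, and constructed subnets (192.168.1.0/24 for the main network, 192.168.2.0/24 for the guest network).

```python
import ipaddress

# Constructed sample in dnsmasq lease-file layout:
# expiry-epoch  MAC  IP  hostname  client-id
SAMPLE_LEASES = """\
1700000000 02:00:00:00:00:01 192.168.1.10 work-laptop 01:02:00:00:00:00:01
1700000100 02:00:00:00:00:02 192.168.2.20 smart-bulb *
1700000200 02:00:00:00:00:03 192.168.1.30 pet-feeder *
1700000300 02:00:00:00:00:04 192.168.1.40 * *
truncated line
"""

# Hypothetical inventory the household maintains: MAC -> device class.
INVENTORY = {
    "02:00:00:00:00:01": "trusted",
    "02:00:00:00:00:02": "iot",
    "02:00:00:00:00:03": "iot",
}
# Assumed addressing: IoT devices belong on the guest Wi-Fi subnet.
GUEST_NET = ipaddress.ip_network("192.168.2.0/24")

def parse_leases(text):
    """Return (mac, ip, hostname) tuples, skipping malformed lines."""
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            ip = ipaddress.ip_address(fields[2])
        except ValueError:
            continue
        leases.append((fields[1].lower(), ip, fields[3]))
    return leases

def audit(leases, inventory=INVENTORY):
    """Flag devices missing from the inventory and IoT devices off the guest net."""
    findings = []
    for mac, ip, _host in leases:
        kind = inventory.get(mac)
        if kind is None:
            findings.append((mac, str(ip), "unknown-device"))
        elif kind == "iot" and ip not in GUEST_NET:
            findings.append((mac, str(ip), "iot-outside-guest-network"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE_LEASES)):
        print(*finding)
```
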
Tips for CISOs:
- Know the unknowns. Get complete visibility into all IoT devices connected to the enterprise. An effective IoT security solution should be able to discover the exact number of devices connected to your network, including the ones you are and are not aware of — and those forgotten. This discovery helps collect an up-to-date inventory of all IoT assets.
- Conduct continuous monitoring and analysis. Implement a real-time monitoring solution that continuously analyzes the behaviour of all your network-connected IoT devices to contextually segment your network between your IT and IoT devices — and their workloads. Securing and managing WFH setups as branch extensions of the enterprise requires a new approach.
- Automate risk-based security policy recommendations and enforcement. An IoT security solution should be easy to deploy without the need for any additional infrastructure or investment. Look for a solution that leverages your existing firewall investment for comprehensive and integrated security posturing.