Shadow IoT: The hidden cybersecurity threats businesses must uncover
By Max Burkhalter, July 7, 2020
Digital transformation continues to be at the top of many businesses' priority lists, but integrating new technologies comes with more than a few inherent risks. For one, IT leaders must ensure new applications are compatible with legacy systems before moving into the implementation phase. Without proper planning and alignment, businesses may find themselves overspending on subpar solutions or underutilizing platforms with wide capabilities.
Recently, many companies have been aggressively transitioning to cloud-based applications that offer device-agnostic workflows, eliminating the need for dedicated workstations and individual software licenses. This move to the cloud is not limited to business-critical systems and applications, however, as the internet-of-things revolution has produced a variety of connected technologies suited for both enterprises and end consumers - coffee makers, security cameras, digital signage, etc. While these IoT devices offer a higher level of convenience, they also represent a growing threat to enterprise networks: Shadow IoT.
What is shadow IoT?
Shadow IoT refers to active internet-connected devices or sensors in use within an organization that IT leaders aren't aware of. The most straightforward example is smartphones - the rise of bring-your-own-device culture has seen an increasing number of employees using their personal devices for work purposes, both onsite and on the road. According to one study from the B2B research firm Clutch, roughly two-thirds of employees rely on "company-approved" devices to complete their work, yet fewer than half (40%) of those who use personal devices are closely monitored. Without direct oversight, IT leaders will not be able to track which devices are connected to the corporate network and for what purposes.
Alongside smartphones, other consumer-targeted devices also pose a threat to the security of business systems, applications and data. This includes things like wearable fitness trackers, kitchen appliances, network routers, smart cameras and even smoke detectors. The issue is that many of these technologies don't have any built-in security capabilities, which makes them highly vulnerable to malware. Once an endpoint is infected, hackers can add the device to a botnet for use in DDoS attacks or leverage it as a launchpad for ransomware, data theft and other malicious activities. What's more, when these devices aren't visible to IT administrators, it becomes almost impossible to implement cybersecurity protections that will safeguard them at the network level.
Eliminating shadow IoT
Enterprises that allow employees to connect their personal devices to the corporate network must take steps to identify shadow IoT and insulate the shared network from external threats. The same is true for workplaces that have connected technologies on premises, whether they're used for physical security or culinary convenience. Speaking on the eventual post-COVID return to normalcy, cybersecurity expert and IoT For All contributor Heleena Thivya touched on the importance of asset inventory management. By building a broad review of enterprise and individual IT assets, tech leaders can get a stronger sense of their organizations' overall posture and security strategies. When conducting an asset inventory assessment, IT leaders should prioritize the following activities:
- Asset tracking: Creating a detailed list of all IT assets - including hardware, software and application specifications - allows organizations to identify active endpoints that may not appear in their asset management consoles. Once a complete evaluation has been performed, network administrators should determine whether newly discovered IoT devices need to be taken off the network or bolstered with advanced security features.
- Traffic pattern analysis: While shadow IoT may not be easily discoverable, the devices still send and receive traffic over the enterprise network. By broadly analyzing these traffic patterns, IT administrators can locate abnormalities that point to hidden devices. This process can also be used to anticipate potential cyberattack vectors and create automated threat detection and response systems.
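An added example (not part of the original article) that combines the two activities above: it reconciles source MAC addresses seen in flow records against an inventory export and summarises the traffic of every device the inventory does not list. The CSV layouts, field names and addresses are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the article): an inventory export and
# flow records such as a switch, DHCP server or flow collector might provide.
INVENTORY_CSV = """mac,owner,description
02:00:00:00:00:01,it-ops,file server
02:00:00:00:00:02,facilities,badge reader
"""
FLOWS_CSV = """src_mac,src_ip,dst_ip,dst_port,bytes
02-00-00-00-00-01,10.0.0.5,10.0.0.9,445,52000
02:00:00:00:00:02,10.0.0.6,10.0.0.5,443,900
02:00:00:00:0A:10,10.0.0.77,203.0.113.20,8883,4100
02:00:00:00:0a:10,10.0.0.77,203.0.113.21,8883,3900
0200.0000.0b20,10.0.0.81,198.51.100.7,443,150
"""


def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in raw.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


def load_inventory(text):
    """Return the set of normalized MACs the asset inventory knows about."""
    return {normalize_mac(r["mac"]) for r in csv.DictReader(io.StringIO(text))}


def find_unlisted_devices(flows_text, inventory):
    """Summarise traffic per source MAC that is absent from the inventory."""
    seen = defaultdict(lambda: {"ips": set(), "peers": set(), "bytes": 0})
    for row in csv.DictReader(io.StringIO(flows_text)):
        mac = normalize_mac(row["src_mac"])
        if mac in inventory:
            continue  # known asset, nothing to report
        entry = seen[mac]
        entry["ips"].add(row["src_ip"])
        entry["peers"].add((row["dst_ip"], int(row["dst_port"])))
        entry["bytes"] += int(row["bytes"])
    # Heaviest talkers first: they are the most urgent to identify.
    return sorted(seen.items(), key=lambda kv: kv[1]["bytes"], reverse=True)


if __name__ == "__main__":
    for mac, info in find_unlisted_devices(FLOWS_CSV, load_inventory(INVENTORY_CSV)):
        print(mac, sorted(info["ips"]), info["bytes"], sorted(info["peers"]))
```

Normalizing the MAC notation before comparing matters in practice, because inventory tools and network gear rarely export addresses in the same format.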
Alongside asset inventory management, enterprises must also create some form of documented process for adding new IoT devices to their networks. This can help prevent employees from adding personal devices without authorization. According to CSO contributor James A. Martin, companies can simultaneously make their IoT management processes more intuitive and simple for end users by upholding three best practices:
1. Make it simple for users to "officially" add new IoT devices: By setting up a formal process for adding new IoT devices, organizations can reduce the risk of shadow IoT and the burden placed on in-house support teams.
2. Constantly monitor for new shadow IoT devices: Even under the most favorable conditions, IoT devices may still be added to a corporate network without the knowledge or consent of IT leaders. By staying proactive about asset discovery and management, organizations can eliminate endpoint risks long before a security breach.
3. Isolate IoT devices: In an interview with CSO, Chester Wisniewski, principal research scientist at Sophos, explained that new IoT and IIoT devices should connect to the internet through a separate, dedicated Wi-Fi network. This allows IT administrators to set up specific controls so that IoT devices can send information freely while blocking all incoming traffic.
Protecting against shadow IoT starts with building a reliable, secure network infrastructure. Perle offers industrial-grade connectivity tools that can hold up in the harshest conditions, including our durable Ethernet switches and console servers. To learn more, read some of our customers' success stories.