Intelligent CISO Issue 03 | Page 27

HOW CAN ORGANISATIONS BALANCE THE BENEFITS OF IOT WITH THE POTENTIAL CYBERSECURITY RISKS IT BRINGS? I nfoblox, the network control company that provides actionable network intelligence, has announced new research that exposes the significant threat posed by shadow devices on enterprise networks. The report titled What’s lurking on your network: Exposing the threat of shadow devices found that enterprise networks across the US, UK and Germany have thousands of shadow personal devices such as laptops, kindles and mobile phones and Internet of Things (IoT) devices such as digital assistants and smart kitchen appliances connecting to their network. Over a third of companies in the US, UK and Germany (35%) reported more than 5,000 personal devices connecting to the network each day. Employees in the US and UK admitted to connecting to the enterprise network for a number of reasons, including to access social media (39%), as well as to download apps, games and films (24%, 13% and 7% respectively). These practices open organisations up to social engineering hacks, phishing and malware injection. Conversely, just 16% of IT directors in the UAE reported having more than 500 personal devices connecting to their networks. www.intelligentciso.com | Issue 03 network on a typical day, with 12% of UK organisations reporting having more than 10,000. The most common devices found on enterprise networks included: • Fitness trackers, such as FitBit or Gear Fit (49%) • Digital assistants, such as Amazon Alexa and Google Home (47%) • Smart TVs (46%) • Smart kitchen devices, such as connected kettles or microwaves (33%) • Games consoles, such as Xbox or PlayStation (30%) Ashraf Sheet, Regional Director Middle East and Africa at Infoblox, said: “It is clear that organisations cannot rely upon employees to follow their security policy for connected devices. Network and security professionals must actively manage the threat introduced by shadow devices by restricting access to certain sites, adopting a solution that provides full visibility of all devices and securing the enterprise DNS infrastructure.” A third of companies in the US, UK and Germany have more than 1,000 shadow IoT devices connected to their Such devices are easily discoverable by cybercriminals online via search engines for Internet-connected devices, like Shodan, which provides even lower level criminals with an easy means of identifying a vast number of devices on enterprise networks that can then be targeted for vulnerabilities. For example, in March 2018: • There were 5,966 identifiable cameras deployed in the UK • There were 2,346 identifiable Smart TVs deployed in Germany • There were 1,571 identifiable Google Home deployed in the US 27