Furthermore, network segmentation and zero-trust policies are not widely implemented to address this gaping attack surface.
Medical wearables, fitness equipment, game consoles, desk toys and other connected devices are regularly connecting to corporate networks, and significant action should be taken to prevent these devices from being used to gain illegal entry into the infrastructure.
That is according research group Palo Alto Networks in its findings on best practices for securing the Internet of Things (IoT), based on a survey of 1,350 IT business decision-makers in 14 countries in Asia, Europe, the Middle East and North America.
Most IT decision makers (89%) had reported a rise in the number of IoT devices connecting to their organizations’ networks over the last year. Among the connected medical wearables, game consoles and desktop toys, one red flag emerged. More than half of those polled said they either needed to make a lot of improvements to the way they approach IoT security (41%), or that a complete overhaul was needed (17%).
In general, 24% of respondents with at least 1,000 employees reported that they had not segmented IoT devices onto separate networks, despite this being a fundamental practice for building safe, smart networks. Only 21% reported following the best practices of using micro-segmentation to contain IoT devices in their own tightly-controlled security zones. Figures for the Asia Pacific region are in line with global averages.
Need for visibility and best practices
According to a senior cybersecurity analyst at Omdia, Tanner Johnson: “Traditional networks are ill-equipped to handle the surge in adoption of IoT devices. Device behavior baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”
Said Kevin O’ Leary, field chief security officer, Asia Pacific, Palo Alto Networks: “Proper network segmentation is a security best practice that cannot be overlooked. Without proper implementation, organisations may need to pay a heavy price as cybercriminals jump across and break into business-critical data and processes. Although network segmentation may take some time to set up, it can ultimately result in strong security benefits across the organisation,”
Palo Alto Networks released the survey as part of its ongoing effort to shed light on security threats posed by the surge in deployment of internet-connected devices. Experts forecast there will be more than 41 billion IoT devices by 2027, up from 8 billion last year.
Other than IoT devices, it has become increasingly common and even unavoidable for some employees to connect non-work-related devices to corporate networks. According to Palo Alto Network’s principal researcher, threat intelligence group (Asia Pacific region) Vicky Ray: “While seemingly harmless, such devices often do not have the same rigorous security measures required for work devices, and can serve as an entryway into important company information and systems. To address the threats, security teams need to be able to spot new devices, assess their risk, determine their normal behavior baselines and quickly apply security policies.”