With an estimated 30 billion connected devices to be deployed across the globe by 2020, a global Internet of Things is fast approaching, and it poses a whole new level of threats to connected organizations.
Misconception 1: Why would I care about the type of device that connects to the network? Someone has already approved it!
IoT devices seem to get all-access passes to corporate networks due to the assumption that they can bring no harm to your network.
FACT: What users fail to comprehend is that IoT devices are possibly the weakest point in the corporate network. When an IP address connects to an internet forum, that's okay, but when that IP address belongs to an IP security camera, it probably means that the camera is compromised.
Misconception 2: Only IT teams connect IoT devices to the corporate network
The notion that ONLY IT teams connect IoT devices to the organizational network doesn’t reflect our reality.
FACT: In reality, there are many instances where an employee can connect their own device to the corporate network without it being cleared by IT. For instance, a doctor might bring a medical device to help him better diagnose his patients; he just plugs the device into the hospital network and uses it. Since IT never checked its security settings, the hospital network becomes susceptible to malicious activity, such as the theft of patients’ medical records.
Misconception 3: If it’s a hardware device – it’s secure!
On-prem appliances give security teams a false sense that they are safer than software-based solutions.
FACT: The truth of the matter is that once appliances leave the vendor, regular firmware patch updates are required. Appliances that have not been vigilantly updated with the latest firmware patch expose corporate networks to security risks.
Misconception 4: It’s ok to connect your point of sale (POS), PC and IP security camera on the same network segment
What can potentially go wrong? It’s convenient and easy to define. There shouldn’t be any issues from a security standpoint. Right? Wrong!
FACT: Since IoT devices are your weakest link, by putting them on the same network segment as other devices, you not only put them at risk, you also make the hacker’s job much easier.
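The checks behind Misconceptions 1 and 4 can be expressed as device-class-aware detection logic. The following is an added example, not part of the original article: the inventory, flow records, class names and per-class destination policy are all constructed for illustration, and a real deployment would take them from its own discovery and flow-logging tools.

```python
import ipaddress
from collections import defaultdict
# Constructed inventory: IP -> device class (assumed output of a discovery tool).
INVENTORY = {
    "10.0.5.10": "pos",
    "10.0.5.11": "workstation",
    "10.0.5.12": "ip_camera",
    "10.0.9.20": "ip_camera",
}
# Assumed policy: networks each restricted class is expected to talk to.
EXPECTED_DESTS = {
    "ip_camera": [ipaddress.ip_network("10.0.9.0/24")],
    "pos": [ipaddress.ip_network("10.0.5.0/24"), ipaddress.ip_network("203.0.113.0/24")],
}
# Hypothetical classes that should not share a segment with other classes.
ISOLATED_CLASSES = {"ip_camera", "pos"}
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.5.11", "198.51.100.7", 443),  # workstation visiting a forum: no restriction
    ("10.0.5.12", "198.51.100.7", 443),  # camera reaching the same forum: unexpected
    ("10.0.9.20", "10.0.9.2", 554),      # camera streaming to its recorder: expected
    ("10.0.5.10", "203.0.113.40", 443),  # POS to its payment processor: expected
]

def unexpected_flows(flows, inventory, expected):
    """Flag flows from unknown devices or from a class outside its allowlist."""
    hits = []
    for src, dst, port in flows:
        cls = inventory.get(src, "unknown")
        allowed = expected.get(cls)
        if cls == "unknown":
            hits.append((src, dst, port, "unknown device"))
        elif allowed is not None and not any(ipaddress.ip_address(dst) in n for n in allowed):
            hits.append((src, dst, port, f"{cls} outside expected destinations"))
    return hits

def mixed_segments(inventory, isolated, prefix=24):
    """Return subnets where an isolated class shares the segment with other classes."""
    by_net = defaultdict(set)
    for ip, cls in inventory.items():
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(cls)
    return {str(n): sorted(c) for n, c in by_net.items() if len(c) > 1 and c & isolated}

if __name__ == "__main__":
    for hit in unexpected_flows(FLOWS, INVENTORY, EXPECTED_DESTS):
        print("ALERT", hit)
    for net, classes in mixed_segments(INVENTORY, ISOLATED_CLASSES).items():
        print("SEGMENT", net, classes)
```

The same destination is ignored for the workstation and flagged for the camera, which is the point of knowing the device type behind each IP address.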
Misconception 5: If it’s up and running, it’s good to go!
Another common misconception is that if a device is working on its default configuration, then that is enough. For example, an IP camera is set up on the network without first changing the default password.
FACT: This default configuration poses a significant threat by exposing the device to attacks from other unsecured devices. Failing to change the default settings on an IoT device can allow a hacker to remotely execute malicious code, spy on users, break devices, or recruit them into a DDoS botnet through a known backdoor. Most users do not bother to change factory default usernames and passwords, making the hackers’ lives much easier.
Building a Secure Foundation for IoT
While the trend of IoT devices may be a game changer in many respects, from a security perspective the game changes little. At its most basic level, security for the Internet of Things depends on our ability to see devices in the corporate network and control them.