Shadow IoT and What to Do About It

For much of the last five years, we’ve been told that the Internet of Things was going to be the most important innovation since broadband Internet was introduced. This growth, while its largely happening under the proverbial radar, is happening. There are around seven billion “smart” devices in 2019 with expectations that it will be three times that by 2025. With that many Internet-connected devices, there are bound to be some that come with vulnerabilities, whether it comes from being designed poorly or not frequently updated with modern threat definitions. Today, we’ll take a look to see if the Internet of Things should be considered a threat to your business.

Consider the Security Issues of the IoT

The Internet of Things has done a lot for people over a relatively short period of time. With more access and more information being tracked than ever before, people have more knowledge about their lives. For the modern business however, most of the IoT that is deployed for business purposes, are dependable, built-specifically-for-business, devices. The devices that are causing the most problems are the cut-rate devices that businesses will sometimes purchase to avoid capital outlays and consumer-based devices that staff and customers bring into the business. 

A lot of consumer IoT devices have been notoriously vulnerable to cyberattack, resulting in being a point of entry for hackers looking to do more than syphon off a few files. From this entry point, a cybercriminal has plenty of opportunities to create major problems for a business by stealing data, hijacking these devices for use in a botnet, or simply as a revolving door in and out of a network. 

Shadow IoT

When your staff downloads software that hasn’t been vetted by your IT administrator, they call it shadow IT. Today, with the prevalence of IoT devices, businesses have to be cognizant more of shadow IoT. People have more connected devices, such as wearables, that you may not be cognizant of. With that many endpoints, there is bound to be one that isn’t updated or is completely unsupported. This presents a shadow IoT problem.

In 2017, a study showed that every organization surveyed by an IoT security firm were found to have consumer IoT devices on the network that qualified as shadow IoT. Another report, from 2018, stated that one-third of United States, United Kingdom, and German companies have over 1,000 shadow IT devices on their networks every day. This creates a major problem since cybercriminals have been known to hack into IoT devices to gain network access, spy and listen in on conversations, and simply hold control over the device. 

How to Minimize Shadow IoT

There are a few things you can do to build a stronger, more proactive strategy to deal with the growing number of IoT devices on your network. 

• Accept IoT devices in the workplace. Rather than not accommodating these devices or blacklisting them completely, if you make it simpler for your employees to bring them onto your network through proper channels, they’ll be more apt to share them with your IT admin. Transparency and cooperation can be effective tools to get everyone on the same page.
  
  
• Keep IoT devices separate. You can partition your wireless network as to keep IoT devices (and software) away from core business systems.
  
  
• Seek out potential threats.  Over 80 percent of the IoT is fueled by wireless networking. By monitoring wireless signals for shadow IoT devices and networks, you can avoid IoT-induced headaches.

The IoT is big and getting bigger; and, you need help to get your IoT threats under heel. Call us today at 561-795-2000 to learn how we can help you manage your exposure to the Internet of Things.