Unsecured IoT creating risk in the return to work

Palo Alto Networks study shows traditional networks are “ill-equipped to handle the surge in adoption” of IoT devices

Posted 25 September 2020 by Christine Horton

Efforts to get employees back safely into the workplace might be jeopardised by unsecured IoT (Internet of Things) devices.

A new survey by Palo Alto Networks shows that a quarter of organisations with at least 1,000 employees have not segmented IoT devices onto separate networks – a fundamental practice for building safe, smart networks.

Overwhelmingly, respondents report a rise in the number of IoT devices connecting to their networks over the last year, including connected rubbish bins, light bulbs and hand sanitiser stations. However, 41 percent of respondents said they need to make a lot of improvements to the way they approach IoT security, and 17 percent said that a complete overhaul is needed, amounting to more than half of those polled.

Only 21 percent reported following best practices of using microsegmentation to contain IoT devices in their own tightly controlled security zones.

Greg Day, VP & CSO, EMEA at Palo Alto Networks tells TDP that one of the biggest challenges and opportunities of IoT is the complex ecosystem and supply chain that quickly amasses. Firms need to focus on these interdependencies, have clear insight on what information gets passed between IoT things, and how trusted the data should be.

“This enables the rapid gathering of huge amounts of data from a myriad of sources. For example, being able to track and trace and gather live feedback from patients involved in the many trials,” he said.

However, with size and complexity so the risk naturally grows, he added.

“The current climate shows how gathering huge amounts via telemetry from so many sources can allow industries, governments and global organisations to make smarter better decisions. What’s critical is that cyber security controls; simple visibility, basic cyber hygiene and segmentation, are scaled in line with the growing risk and value from using the capabilities.”

“Traditional networks are ill-equipped to handle the surge in adoption of IoT devices,” said Tanner Johnson, senior cybersecurity analyst at Omdia. “Device behaviour baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”

Business Insider Intelligence forecasts there will be more than 41 billion IoT devices by 2027, up from eight billion last year.