With the increase in the number of IoT devices, more and more devices are connecting to corporate networks, and in most cases, organizations do not have enough information about these devices. But for cybercriminals who want to damage the network, each of these devices has the potential to crack the network through which they can infiltrate. Networked toys, coffee machines, cars. Here are just a few of the disorganized Internet of Things (IoT) devices that can leave organizations vulnerable to cyberattacks and insecurely connect to corporate networks.
A research paper by Palo Alto Networks details the increase in IoT devices connected to corporate networks and their wide variety. The most common irregular devices connected to organizations’ networks vary widely, particularly vehicles, gaming equipment, and medical devices.
These devices connect to each other and to the institution’s network. Thus, they help people directly or indirectly in their work or personal life. However, they can also cause additional problems for corporate networks. In most cases, these “shadow IoT” devices are included in the network without the knowledge of corporate security teams. This could potentially leave the corporate network vulnerable, as cyber attackers can open the doors to the corporate network after hijacking some IoT devices that are vulnerable, easily discoverable, and exploitable. The flat network structure, which is still used in some places, allows attackers to switch between systems.
Statement by Greg Day, EMEA Vice President and CSO of Palo Alto Networks
“If a device has an IP address, it can be found. Disorganized devices unfortunately often pass cybersecurity checks at all or inadequately, using simple passwords, without updates and basic firewall checks. Considering that some of these devices are very cheap, the costs of additional security applications for these situations are not very reasonable ”
Greg Day also said, “We live in a business world where IoT opens up new business opportunities that should rightly be embraced. However, businesses need to know what and why are connected to their digital processes and systems, ”he said.
Recently, a casino’s network was attacked via IoT aquarium
Even IoT devices connected to the network by the organization itself can contain vulnerabilities that could allow hackers to gain full access to the network. A famous recent example of this situation is cybercriminals using a networked aquarium to break into a casino’s network and steal information about customers. Many organizations need to better control IoT devices connected to the corporate network, but then they can protect them from exploitation when discovered by cyber attackers.
The way to do this is to be able to see all devices, especially the newly connected ones, and to make the IoT products segmented to prevent them from being used as a gateway to a larger and more comprehensive attack.