The IoT revolution is in full swing, meaning that enterprise IT teams must take extra steps to secure their networks to accommodate the rapid proliferation of internet-connected devices.
According to Verizon’s 2017 State of the Market: Internet of Things report, there are now nearly 8.5 billion web-connected devices in the world, representing an incredible 31% increase in the last year alone. Additional research suggests that the number of Internet of Things (IoT) devices could surpass 50 billion as soon as 2020, at which point the global IoT market will account for nearly $14.5 trillion in annual sales.
The takeaway here is simple: the IoT is becoming an increasingly prominent part of the way we live our lives and the way we conduct business. And while the proliferation of IoT devices will benefit professionals in any number of fields — from healthcare, to oil and gas, to warehousing — it will also present new and often unforeseen cybersecurity challenges.
The promise of a “smart” internet-connected device rests with its ability to gather, transmit, and utilize data in meaningful, productive ways. The problem with these devices is that they’re so recent and numerous that many IT administrators aren’t able to register their traffic, resulting in their data operations “flying under the radar,” as it were.
For instance, the BBC recently published a report on how Hussein Syed, the chief information security officer for New Jersey’s largest healthcare provider, RWJBarnabas Health, got a rude surprise when he hired an IoT cybersecurity specialist to assess his networks. Syed understood that RWJBarnabas’ networks were highly complex — they spanned a total of 13 hospitals throughout New Jersey, meaning the team was actively managing 30,000 computers, 300 apps, a datacenter, and thousands of mobile phones at the time of his site survey.
What he found out, however, was that there were more than 70,000 internet-enabled devices accessing the RWJBarnabas networks, nearly double what he had anticipated. “We found a lot of things we were not aware of,” Syed admits, “systems that weren’t registered with IT and which didn’t meet our security standards.”
Unfortunately, Syed’s eye-opening experience is entirely too common. According to the same BBC report, organizations typically underestimate the number of devices linked to their networks by 30% to 40%.
It would be one thing if this sort of “shadow IT” was operating according to robust security protocols, but the reality is that the standard configurations of most IoT devices come nowhere close to even a baseline corporate cybersecurity threshold.
While the typical smartphone, tablet, or laptop is equipped with some passable antivirus software and similar security mechanisms, an overwhelming 96% of mobile devices still do not have encryption protection. Wearables and other less ubiquitous IoT devices put network administrators in an even more difficult position.
As any networking expert will confirm, a network’s security is only as strong as its weakest link, meaning an organization’s best-laid cybersecurity plans can be undone by a single unsecured IoT device. Syed readily admits that his system’s “unidentified devices could definitely have been access points for hackers who could have then found high-value assets on [the] network.”
While IoT devices for which security is only a background consideration present IT administrators with a substantial challenge, there are a number of precautions administrators can take to ensure the integrity of their networks.
For one, it helps to take a “behavioral” approach to network monitoring. Even if an IoT device has full access to an organization’s IT infrastructure, an administrator can evaluate the device’s network requests to determine whether the device may have been compromised. If, for instance, a wireless printer is attempting to gain access to critical devices or highly-secure areas of the network, something is likely amiss.
It also helps to implement strong encryption protocols and encourage the use of segregated virtual private networks (VPNs) throughout one’s organization, as this will prevent a rogue IoT device from easily accessing the organization’s entire portfolio of sensitive data.
Finally, network administrators should recognize when they need help and partner with a network security expert like Turn-key Technologies. Hussein Syed is an experienced, competent IT professional, and even he was only able to secure his high-value networks after he sought the guidance of a cybersecurity specialist.
In the dawning IoT era, collaborative networking partnerships will increasingly become the norm, and Turn-key Technologies has the knowledge and expertise necessary to help any organization secure their ever-more complex networks without compromising performance.
Please, rotate your device