IoT devices threaten corporate IT security, new survey finds

Irish companies are confident but some admit security measures need overhaul

Photograph: iStock
Photograph: iStock

Connected coffee makers, fitness devices and even pet accessories could potentially pose a threat to enterprises, and businesses must adapt their security practices to protect corporate networks, a new survey has found.

The research, from Palo Alto Networks, found that 86 per had seen a rise in security incidents involving connected devices - also known as Internet of Things (IoT) devices as the Covid-19 pandemic caused a shift to remote working.

But IT-decision makers in Ireland are among the most confident in the Europe, Middle East and Africa region that they have visibility of such devices connecting to their organisation's network, and also their employees' home networks.

IoT security visibility is critical to allow companies to scan for anomalies across its network, Palo Alto Networks' country manager Paul Donegan said.

READ SOME MORE

That ability could be critical to network security. The survey found that of those respondents in Ireland who have IoT devices connected to their organisation’s network, 75 per cent reported an increase in non-business IoT devices connecting to corporate networks in the last year.

Among the most commonly reported devices were smart light bulbs, heart rate monitors, connected gym equipment, coffee machines, game consoles and even pet feeders.

Despite that confidence in network visibility, Mr Donegan noted that it began to drop as companies were questioned on whether their solutions in place were enough, reflecting his conversations with clients. “The technologies that deployed gave them the visibility, but as they moved through the journey of and discovery to securing to protect [THE NETWORK], the secure part for them wasn’t fully there yet,” he said.

Some 86 per cent of companies said there had seen an increase in the number of IoT security incidents for their organisation as a result of remote working. And the majority - 98 per cent - of that group said their organisation’s approach to IoT security needs improvement. Four in 10 said it needed “a complete overhaul” the survey found, more than twice the average reported among EU companies.

Mr Donnegan pointed to the 36 per cent of companies that segmented the devices on a separate network from their primary business devices and business applications, with 28 per cent opting for tightly controlled “micro segments” within security zones for such devices to isolate the IoT devices and reduce the security threat.

A cause for concern was the 36 per cent of companies that had not considered specific IoT security measures.

“Such practices put businesses at serious risk, not only of a breach but also of allowing attackers to escalate their attack through an organisation’s systems and data. As criminal gangs become more aggressive and greedier in their demands, it really is incumbent on organisations to implement robust micro-segmentation policies so they can contain and mitigate future breaches.”

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist