09 November 2021
The Internet of Things (IoT) is not a new concept. For years, IoT devices have been widely and deeply embedde into our homes and businesses as well as society in general. But, when the pandemic struck last year, that level of integration suddenly became a security liability for thousands of companies.
The IoT challenge
Even before the pandemic struck, IoT security was far from easy. In fact, research discovered that one third (33%) of UK businesses believed there were around 1,000 unauthorised or nonbusiness related IoT devices – also known as Shadow IoT devices – connected to their enterprise networks. These devices can open a business up to attack and also enable unsanctioned “lurkers” to access any given network. One of the consequences of the rise of shadow IoT was a surge of 17 million cases of distributed denial-of-service (DDoS) attacks across the globe in 2020 alone.
As remote working increased during the pandemic, so too did the use of remote and IoT devices, increasing the threat they pose to organisations. The average home today has 11 IoT devices connected to its network–many of which have weak or nonexistent security protocols. Each of these devices will be unknown to the IT team and, as such, could provide a vector through which malware can enter an employee’s home network and then move laterally to infect the corporate network as well.
Given that businesses can’t easily enforce corporate security policies on devices that sit outside of their infrastructure, this is opening up the floodgates and putting businesses at increased risk from attacks such as phishing and malware.
To add to this, many employees are naturally less risk-averse in their home environments. They will willingly use their work devices to engage in behavior that they might think twice about in the office, such as browsing social media, shopping or streaming entertainment services. What they might not realise is that this use of insecure Wi Fi connections, unsanctioned applications, and browsers with insecure plug-ins has the potential to compromise the whole business network.
While the government is no longer instructing people to work from home, it has been reported that many businesses do not plan to rush back to the office. In fact,84% of UK businesses plan on making a permanent change and implementing a flexible or fully remote strategy moving forward. With some form of remote working here to stay and IoT devices set to continue proliferating in the future – the latest estimates project there will be over 21.5 billion IoT devices by 2025 - failure to address these security issues now could spell disaster in the long term.
Getting the upper hand
One of the most powerful ways that IT teams can protect their network against shadow IoT threats is by increasing visibility. This is where DNS (Domain Name System) tracking can help. As one of the first services that devices use when they connect to a network, DNS knows exactly what every IoT device is doing and provides a viewpoint of the entire organisation through a massive pool of forensic data. It doesn’t rely on a device being authorised or known to IT. Instead, DNS simply needs a device to access the internet.
In fact, by merging DNS, DHCP, and IPAM, businesses can address many of the IoT challenges that come along with our current remote working landscape. These three technologies – also known as DDI – can pinpoint threats at the earliest stages, identifying compromised machines and correlating disparate events related to the same device. By providing an upto-date view of all devices connected to a network, regardless of location, they help to diminish some of the strain placed on IT professionals. They can even help teams to automate the provisioning of security services on remote endpoints, which removes the need to ship devices back and forth for on-site patching and allows organizations to secure users working from home.
As businesses of all shapes and sizes become increasingly remote and borderless, the IoT threat has never been more real. Defending from the network edge should be a priority for all security teams moving forward. Using core infrastructure like DDI will give organisations the upper hand and enable them to protect their networks and their employees, no matter where they’re logging on from.