The Internet of Things may be mostly a consumer-facing phenomenon, but businesses too have been swayed by the IoT sensation. And, like regular users, they are starting to feel the heat caused by unsecured IoT devices.
Analyzing its cloud threat intelligence to determine the greatest IoT risks to companies, 802 Secure found that most organizations are blind to IoT networks and devices across a range of new protocols and frequencies, highlighting extensive data exposure risks across different enterprises.
The firm surveyed a “subset” of organizations with staff of 10,000 or more, but it doesn’t say exactly how many organizations it polled – an important factor in the margin of error.
But if the research is anything to go by, many companies are in hot water in a world where cyber-threats never cease multiplying. One of the most alarming allegations of the surveyors’ report is that most companies are still prone to 10-year-old wireless vulnerabilities.
And, believe it or not, every single organization surveyed had rogue consumer IoT wireless devices on its enterprise network, while 90% had Shadow IoT/IIoT wireless networks. In this context, “shadow” refers to undetected company-deployed wireless networks separate from the enterprise infrastructure.
At least 1 wireless attack occurs every week at these organizations, the firm found. 33 misconfigured wireless printers providing access to the enterprise network are detected every month. For organizations processing credit cards via misconfigured wireless printers and rogue IoT devices, three PCI (Payment Card Industry) violations were recorded per month.
30 Wi-Fi drones are detected every month on average on properties like HVAC and power distribution facilities, and other portions of buildings inaccessible to humans.
“These drones are capable of performing video and audio surveillance, as well as carrying pathogens or other dangerous threats,” researchers said.
Emerging threats include new wireless USB thumb drives and spy cameras, with 10% of organizations having new USB wireless thumb drives plugged into other devices, providing a channel for data exfiltration out-of-band from their sanctioned wired or wireless networks.
And 1,100 individuals accessed unapproved or risky Wi-Fi networks each month near the organization’s facilities, underscoring the need to employ VPNs, endpoint protection solutions, and mobile device management (MDM) solutions to protect corporate assets.