As the number of IoT devices connected to business networks have increased over the past year, organisations are required to further rethink their security measures, according to a global survey of IT decision-makers by Palo Alto Networks.
“Cyber adversaries know that one small IoT sensor can provide entry into a corporate network to launch ransomware attacks and more,” the report said.
In India, 86 per cent of Indian enterprises believe that the shift to remote working during the pandemic has resulted in an increased number of IoT security incidents.
Non-business IoT devices
The number of non-business IoT devices connected to corporate networks has also increased.
As per the global survey, 78 per cent of respondents from organisations that have IoT devices connected to their network reported an increase in non-business IoT devices on corporate networks in the last year.
Also see: Big tech data centres spark worry over scarce Western water
84 per cent organisations in India reported an increase in the amount of non-business IoT devices connected to their business network over the past year.
Devices such smart home devices such as lightbulbs, wearable devices such as heart rate monitors, connected sports equipment, kitchen appliances such as coffee machines, game consoles and even pet technology were identified on such networks, as per the study.
Need for security changes
Survey respondents further highlighted the need for security changes to protect corporate networks from non-business IoT devices.
This year, 96 per cent of respondents from organisations which have IoT devices connected to their network indicated their organisation’s approach to IoT security needs improvement while 1 in 4 (25 per cent) respondents said that it needed a complete overhaul with the greatest security capability needs around threat protection (59 per cent), risk assessment (55 per cent), IoT device context for security teams (55 per cent), and device visibility and inventory (52 per cent).
In India, 97 per cent respondents believed that their organisation’s approach to IoT needs improvement.
Better regulations
Respondents also wish for better regulations. 73 per cent of respondents believed that IoT security regulations are not keeping pace with the amount of IoT connecting devices, thus putting them at risk.
1,900 global IT decision-makers were polled by Palo Alto Networks this year.
Segmented networks
Of this, 51 per cent indicated that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications, for example, HR system, email server, finance system. While 26 per cent of respondents said that IoT devices are micro segmented within security zones.
Also see: Amid the Capitol riot, Facebook faced its own insurrection
This is an industry best practice where organisations create tightly controlled security zones on their networks to isolate IoT devices and keep them separate from IT devices to avoid hackers from moving laterally on a network, the report noted.
“IoT adoption has become a critical business enabler. It presents new security challenges that can only be met if employees and employers share responsibility for protecting networks,” said Vicky Ray, Principal Researcher, Unit 42 at Palo Alto Networks.
“Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organisation’s most valuable assets,” added Ray.