Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Security Firm's Study Finds Thousands of IoT Devices on Company Networks

The growing number of Wi-Fi-connected shadow devices, both those provided by an employer and personal devices carried by workers, are raising threats for cyber-attacks, the report indicates.
By Claire Swedberg

While 88 percent of the IT leaders surveyed indicated they believe their security policy is either effective or very effective, they have reason not to be so confident. About 24 percent of employees from the United States and the United Kingdom said they didn't know if their organization even had a security policy. Of those companies that said their organization did have a security policy for connected devices, 20 percent of U.K. respondents claimed they followed it either rarely or never. Just one-fifth of respondents in the United Kingdom and the United States reported that they followed their policy "by the book."

Shadow device activity is, not surprisingly, highest at bigger companies, with 10 percent of respondents reporting more than 10,000 devices were typically connecting to their network. However, Tierney notes, even small businesses with between 10 and 49 employees have a significant number of devices connecting to their network, with 25 percent reporting more than 1,000 connections on an average day. That ratio rises with companies comprising 50 to 99 employees: 52 percent have 1,000 devices or more.

In addition, companies throughout the United States, the United Kingdom and Germany assign thousands of shadow personal devices, including personal laptops, Kindles and mobile phones, all of which then connect to the network. However, the United Arab Emirates has a much small number of devices connecting.

According to Tierney, the report raises significant concerns in terms of security; he cites recent events that have illustrated breaches occurring. For instance, in 2016, the Mirai botnet targeted DNS service provider Dyn (see Startup Targets IoT Hackers With New Platform). During the attack, which continued throughout a full day, prolonged interruptions to Dyn's services resulted in many sites going down across North America and Europe.

In a previous study, titled "The Infoblox Security Assessment Report," the company found that 35 percent of all files uploaded by its customers showed evidence of botnet activity. "The solution to solving these security risks is the breadth and depth of defense," Tierny says, "Effective policies are ones that not only reduce risk but are also consistent with employee culture."

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations