IoT survey from Palo Alto Networks highlights the need for shared responsibility among remote workers and IT teams to secure the enterprise
Cyber adversaries know that one small IoT sensor can provide entry into a corporate network to launch ransomware attacks and more. According to a global survey of IT decision-makers by Palo Alto Networks, 78% of respondents from organizations that have IoT devices connected to their network reported an increase in non-business IoT devices on corporate networks in the last year. Smart home devices such as lightbulbs, wearable devices such as heart rate monitors, connected sports equipment, kitchen appliances such as coffee machines, game consoles and even pet technology are among the list of the strangest devices identified on such networks in the study.
Survey responses warn of needed security changes to protect corporate networks from non-business IoT devices. This year, 96% of respondents from organizations which have IoT devices connected to their network indicated their organization’s approach to IoT security needs improvement, and 1 in 4 (25%) said it needs a complete overhaul with the greatest security capability needs around threat protection (59%), risk assessment (55%), IoT device context for security teams (55%), and device visibility and inventory (52%).
“IoT adoption has become a critical business enabler. It presents new security challenges that can only be met if employees and employers share responsibility for protecting networks,” said Vicky Ray, principal researcher, Unit 42 at Palo Alto Networks. “Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organization’s most valuable assets.”
Worth noting, of the 1,900 global IT decision-makers polled by Palo Alto Networks this year, half (51%) indicated that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications (e.g., HR system, email server, finance system), and another 26% of respondents said that IoT devices are micro segmented within security zones — an industry best practice where organizations create tightly controlled security zones on their networks to isolate IoT devices and keep them separate from IT devices to avoid hackers from moving laterally on a network.
Survey Methodology
Palo Alto Networks commissioned technology research firm VansonBourne, which polled 1,900 IT decision-makers at organizations in 19 markets: United States, Canada, Brazil, United Kingdom, France, Germany, Netherlands, Middle East (comprising of UAE and Saudi Arabia), Spain, Italy, Ireland, Australia, China (including Hong Kong), India, Japan, Singapore and Taiwan.
India Highlights:
• 86% of Indian enterprises believe that the shift to remote working during COVID-19 has resulted in an increased number of IoT security incidents
• 84% organizations have seen an increase in the amount of non-business IoT devices connected to their business network over the past year.
• 73% respondents believe that IoT security regulations are not keeping pace with the amount of IoT connecting devices, thus putting them at risk,
• 97% respondents believed that their organization’s approach to IoT needs improvement.
• Connected cameras, connected wearables, and connected home devices are some of the non-business devices organizations have found attached to their networks, which could be posing risk to Indian enterprises.