The workplace has moved into the home, joining a busy network that includes family members, visitors, and a slew of smart devices. Home and corporate networks have become entwined as a result of the tectonic shift to a work-from-home strategy. From their homes, employees now access business-critical data of varying value and sensitivity that was traditionally restricted to secure offices on a company campus. Against this background, Palo Alto Networks just published The Connected Enterprise: IoT Security Report 2021. We’ve uncovered that, with the rise of remote work, personal IoT gadgets such as smart lightbulbs, heart rate monitors, connected gym equipment, coffee makers, and gaming consoles are posing a threat to enterprises’ ability to protect their data and employees. Let’s find out why WFH has brought a new wave of IoT security concerns.
Notable IoT Security Stats:
According to the poll, 78 percent of IT decision-makers saw a rise over the previous year in non-business-related IoT devices appearing on corporate networks. The presence of vulnerable, hacked devices on corporate networks, and particularly on home networks, is clear evidence of poor security hygiene or failed controls. Every month, the average home is subjected to around 100 cyber threats. Hackers have taken note, and individuals and businesses are at risk as a result, as you’ll see below.
A massive security breach at a cloud-based security camera service firm earlier this year exposed sensitive and private video surveillance footage from its clients, allowing criminals to pivot into the corporate networks of some customer accounts. This attack reveals how putting corporate IT and IoT devices on the same network allows malware to propagate from vulnerable IoT devices to corporate IT systems and back, and makes it simple for an attacker to move laterally between devices.
A recent home router security study (cited by Threatpost) found that virtually all tested routers had unpatched and often severe security issues, putting those devices and their users at risk of cyberattacks. Cybercriminals have used a variety of techniques to obtain access to targeted WiFi networks, including abusing insecure home and workplace smart devices, using them to conduct ransomware attacks, and more.
This finding raises one of the most difficult concerns facing today’s business leaders: How secure is the hybrid workforce, which includes a variety of smart, unprotected, non-business-related devices?
Many companies have made significant expenditures in their IT systems and infrastructure to allow work from home. However, the security gap that has resulted has not been appropriately addressed.
Taking a Closer Look at the Work-from-Home Model — IoT Security: A New Wave of Concerns
Beyond laptops and cellphones, new corporate-issued IoT devices are now in use on unmanaged home networks. Some of these devices are:
Voice-over-IP (VoIP) phones, collaboration and productivity tools like video cameras and microphones, digital whiteboards, and other similar devices.
These devices lack an effective security posture built in at the device level, because typical business security, such as agents or virtual private networks (VPNs), cannot be installed on them.
Even if employees have a VPN installed on their laptops at home, the protection is confined to that device. If the laptop connects to an unsafe home WiFi network, it might be the target of lateral threat movement from a connected, infected IoT device. As a result, an attacker may be able to get access to the business network.
Because many organizations have embraced “bring your own device” (BYOD) rules, employees are increasingly using their own gadgets for work. Personal devices such as computers, phones, and tablets, which are not equipped with adequate security, increase the risk when they are used for work. Furthermore, highly sensitive work that was previously performed on corporate campuses is increasingly being done at home.
Some examples are:
- executives preparing financial regulatory filings,
- engineers developing IP-sensitive source code and hardware,
- financial and legal departments conducting high-value business and contractual transactions,
- customer support teams collecting sensitive customer data on support calls, and
- government authorities working with business confidential information of firms that they regulate.
When working on a corporate campus, employees could badge in, and IT departments could install a standard level of protection for devices on that network. At home, that isn’t always the case. In insecure home WiFi situations, personal IoT gadgets, such as smart voice assistants, may be constantly in listening mode. Hackers can even use IoT devices to listen in on a company’s sensitive and business-critical discussions at home. In summary, three major difficulties are combining to create a perfect storm of IoT security concerns stemming from home-based work:
Unmanaged IoT Security Posture:
#Challenge — With a variety of IoT devices on the network that cannot be secured by security software and policies, home networks are inherently insecure.
#Impact — Keeping up with threats infiltrating the enterprise via the home network is difficult.
Network Segmentation Deficit:
#Challenge — Without network segmentation, breaching the home network gives hackers a foothold to move laterally across the home network and potentially into the enterprise.
#Impact – Hackers get access to business devices, allowing them to infiltrate networks and gain access to credentials, resources, and data.
Insufficient Network Visibility:
#Challenge — Compliance and security operations (SOC)/incident response (IR) teams lose substantial visibility into the behavior of work devices once those devices sit on home networks.
#Impact – Due to a lack of network audit logs, incident response is ineffective.
As a result of these issues, the potential for targeted attack campaigns has increased, putting important company data and applications at risk. Adapting to this new work style necessitates a cutting-edge security strategy, one that elevates security from the device to the network level.
Security should be a strategic requirement for any company, regardless of where its workers work.
Work-from-Home Security Begins at Home
Device Discovery and Home Network Segmentation: Identify and classify all devices in the home, including home automation, audio/video equipment, Network Attached Storage (NAS), laptops, games, health devices, and printers.
Data-Driven Security Controls Must Be Enforced: Stop malware downloads, detect infected devices, and limit communication between infected devices and attackers by enforcing data-driven security controls.
Incorporate Zero-Trust Security Into Your Home: To prevent unwanted devices from connecting to your corporate networks, align your security policy with the concepts of Zero Trust and enforce least-privileged access control. Extend the trusted enterprise zone into the home to provide work-from-home employees with a secure campus-like environment.
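The three steps above can be illustrated with a short added example (not code from the report or from any product): it classifies a device inventory into segments, places unclassified devices in quarantine, and checks flow records against a default-deny allow-list. The category names, segment names, devices and flows are all constructed assumptions.

```python
from dataclasses import dataclass

# Device category -> network segment (segment names are assumptions).
SEGMENT_FOR_CATEGORY = {
    "corporate_laptop": "work", "voip_phone": "work",
    "home_automation": "iot", "audio_video": "iot", "nas": "iot",
    "health_device": "iot", "printer": "iot",
    "game_console": "personal",
}

# Least-privilege allow-list of (source segment, destination segment).
# Anything not listed is denied, including iot -> work.
ALLOWED = {
    ("work", "internet"), ("iot", "internet"),
    ("personal", "internet"), ("personal", "iot"),
}

@dataclass(frozen=True)
class Device:
    name: str
    category: str

def segment_of(device):
    # Unclassified devices go to quarantine, never to a trusted default.
    return SEGMENT_FOR_CATEGORY.get(device.category, "quarantine")

def audit_flows(inventory, flows):
    """Return (src, dst, src_segment, dst_segment) for each denied flow."""
    by_name = {d.name: d for d in inventory}

    def seg(name):
        if name == "internet":
            return "internet"
        return segment_of(by_name[name]) if name in by_name else "quarantine"

    return [(s, d, seg(s), seg(d)) for s, d in flows
            if (seg(s), seg(d)) not in ALLOWED]

# Constructed sample data.
INVENTORY = [Device("work-laptop", "corporate_laptop"),
             Device("smart-bulb", "home_automation"),
             Device("console", "game_console"),
             Device("mystery-box", "unknown")]
FLOWS = [("work-laptop", "internet"), ("smart-bulb", "internet"),
         ("smart-bulb", "work-laptop"),   # lateral move, iot -> work
         ("console", "smart-bulb"),
         ("mystery-box", "internet")]     # unclassified device

if __name__ == "__main__":
    for violation in audit_flows(INVENTORY, FLOWS):
        print("DENY", violation)
```

Only the IoT-to-work flow and the traffic from the unclassified device are flagged; these are the records a SOC or IR team would want logged from the home segment.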
Final words on IoT security
Implementing best practices and employing the appropriate toolset is essential for preventing the next major attack. Find the correct tool to help users discover potential dangers based on what’s going on inside the system as well as outside the corporate network. Users may monitor IoT devices and uncover attack patterns in real-time using features like threat detection and correlation rules.