How Did THAT Get on My Corporate Network?
IoT survey from Palo Alto Networks highlights the need for shared responsibility among remote workers and IT teams to secure their enterprise.
As the lines between work and home environments continue to fade away, so does the separation between corporate and personal devices. IoT Analytics expects that by 2025, there will be more than 30 billion IoT connections, which is almost four IoT devices per person on average.
According to The Connected Enterprise: IoT Security Report 2021 published today by Palo Alto Networks, 78% of IT decision-makers (among those whose organization has IoT devices connected to its network) reported an increase in non-business IoT devices connecting to corporate networks by remote workers in the last year. Smart lightbulbs, heart rate monitors, connected gym equipment, coffee machines, game consoles and even pet feeders are among the strangest devices identified on such networks.
While the list of unusual IoT devices found on networks makes for interesting reading, attackers only need one employee to have one vulnerable device. At that point, personal devices rapidly become a huge problem for businesses. It may be convenient to start preheating the oven from your smartphone, but it may also be a point of entry to your corporate network.
The new work-from-home (WFH) culture makes vulnerability management and the improvement of cyber hygiene everyone's responsibility. When a cyber attacker obtains administrative access to a home router, it’s pretty much game over for every device connected to it. For the WFH employee, the first point of improvement is to secure their wireless router and create a strong Wi-Fi password. This simple act will significantly reduce the chance of a hacker gaining access to the home network.
WFH employees should also leverage the micro-segmentation feature that is usually found in the firmware of most Wi-Fi routers. This allows users to keep separate networks: one for guests and IoT devices and one used for corporate purposes. Network segmentation is key to good overall cyber hygiene in the enterprise and at home. According to the IoT survey, 51% of IT decision-makers (who have IoT devices connected to their organization’s network) indicated that IoT devices are segmented on a network separate from the one they use for primary business devices and business applications (e.g., HR system, email server, finance system).
Being cyber secure at home just got even easier with the release of Palo Alto Networks Okyo Garde™. It is designed to address the new hybrid work environment, where the workplace is as likely to be a kitchen table or spare bedroom as an office cubicle. Currently available in the United States for personal and small business use, Okyo Garde combines hardware, software and security services in one seamless, simple subscription. Okyo Garde Enterprise Edition, with Prisma® Access integration, is expected to be available in the U.S. in early 2022.
Organizations should be using least-privilege access policies to stop unauthorized devices from connecting to their networks. They should only allow approved devices and users to access what is necessary. Leveraging Zero Trust is the best way to ensure that these devices won’t create data exposure or negatively impact business continuity. For IoT security specifically, organizations need a real-time monitoring solution that continuously analyzes the behavior of network-connected IoT devices. Such a solution can leverage existing firewall investments to automatically recommend and enforce security policies based on the level of risk and the extent of untrusted behavior detected in those devices. A point solution can extend a corporate network and bring unified security policy management and secure access service edge (SASE) to WFH employees.
Palo Alto Networks IoT Security combines machine learning with patented App-ID™ technology to provide the most accurate and deepest level of visibility into IoT and OT devices for effective baselining of their normal behaviors. The solution empowers security teams to proactively prevent threats, monitor device risk, detect anomalies and recommend policies for enforcement.
For two years, nearly all the respondents (96% in 2021 and 95% in 2020) to the IoT survey indicated that their organization needs improvement in its approach to IoT security. In 2021, 25% suggested a complete overhaul would be best. It’s time for organizations to shift the way they have traditionally responded to cybersecurity and create a culture of proactive cyber health that extends from the C-suite to all employees. This shift will enable investment in, and focus on, cyber hygiene practices that will help thwart cyber attacks and reduce the potential impact of a cyber incident.
Learn more about the Palo Alto Networks IoT survey and gain insight on securing your enterprise. Download your free copy of The Connected Enterprise: IoT Security Report 2021.