Page 11 - index
P. 11
According to Verizon, organizations will introduce more than 13 million fitness trackers in the
workplace by 2018 as part of health and wellness programs. While these devices can greatly
benefit organizations and employees alike, the security vulnerabilities and privacy concerns in
each device cannot be overlooked.
The Reality of IoT Threats to the Enterprise
The proliferation of IoT brings with it new, complicated and unknown cybersecurity threats to
both the consumer and the enterprise. Each and every device that connects to the Internet
poses a risk, and the potential effects of any successful intrusion are significant and startling.
Yet, organizations are rapidly deploying IoT devices throughout their environment, and allowing
the devices of employees and guests come in and out of their airspace with seemingly no
concern for security.
Some organizations mistakenly assume that their current BYOD policy scales to include IoT
devices, when in actuality most do not, enabling devices to freely connect to mesh networks and
collect, store and transmit sensitive data. What’s worse, organizations do not have any visibility
into these networks – so they cannot even see what is coming in and out of their environment,
or if a hacker has used an IoT device as a pathway to gain access to the corporate network.
Which, unfortunately, isn’t very hard to do.
According to HP Security Research, there are an average of 25 security vulnerabilities in each
IoT device, or 25 different opportunities for a hacker to infiltrate the device and all its data. With
15 million devices coming to market every day, it is impossible to patch and secure them all,
leaving the vulnerabilities vacant for adversaries to exploit.
It is absolutely within the realm of possibility for a hacker to hot-mic a CEO’s Bluetooth device
and overhear financial negotiations or acquisition discussions. An adversary could also
penetrate the collection of fitness-tracking devices provided by an organization and follow the
location-based signals to determine where an executive is in the building at any given time.
These connected devices go beyond just fitness trackers and Bluetooth headsets, however.
While the world transitions to connectedness, so too does critical infrastructure. Companies in
the energy and utilities sector are expected to add IoT technology to 80 percent of smart meters
by 2020, and technology is already being added to control systems to enable remote
manageability.
While there are standards and frameworks in place and in process to protect control systems in
critical infrastructure, they do not account for the connected devices brought in by facility owners
and operators. Because of the significant vulnerabilities in IoT devices, anyone that enters a
control system environment is now a potential national security threat.
We have seen successful cyber attacks result in financial losses and leaked photos, but the
potential damage of a hack in the IoT is far worse. Hackers are no longer rebel teenagers trying
to crack the code, and breaches are no longer due to accidental infections; today’s cyber threats
11 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
