By 2018, two-thirds of enterprises will experience IoT security breaches. As of June 2016, 65 percent of enterprises have actively deployed IoT technologies.
ForeScout Technologies released its IoT Enterprise Risk Report, which offers new insight into how common enterprise IoT devices pose risk to the security posture of organisations.
The report states that while IoT devices make it possible for organisations to operate faster and more efficiently, they are too often used with little regard to their security risk. The rush to deliver new IoT technologies sacrifices security – almost 100 percent of the time.
Led by Samy Kamkar, an ethical hacker, the research focused on seven common enterprise IoT devices, including IP-connected security systems, smart HVACs and energy meters, video conferencing systems and connected printers, among others. When successfully hacked, all of the devices are a gateway into the broader enterprise network.
Observations from a physical test situation and analysis from peer-reviewed industry research proved that these devices pose significant risk to the enterprise since most of them are not built with embedded security. Many of the devices that were outfitted with rudimentary security were found to be operating with dangerously outdated firmware.
Some key findings from the report include:
The seven identified IoT devices can be hacked in as little as three minutes, but can take days or weeks to fix.
If any of the devices become infected, hackers can plant backdoors to create and launch an automated DDoS attack.
To hack smart enterprise security systems, cyber-criminals can leverage jamming or spoofing techniques.
With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls.
Hackers can force critical rooms, such as server rooms, to overheat, ultimately causing physical damage to critical infrastructure.
“IoT is here to stay, but the proliferation and ubiquity of these devices in the enterprise is creating a much larger attack surface – one which offers easily accessible entry points for hackers. The solution starts with real-time, continuous visibility and control of devices the instant they connect – you cannot secure what you cannot see,” said Michael DeCesare, president and CEO of ForeScout Technologies.