A quarter of employees have connected at least one internet of things (IoT) device to the corporate network, with less than half of IT professionals confident that they’re securely configured, according to new research from Tripwire.
The security vendor interviewed over 700 IT professionals and senior decision-makers on both sides of the Atlantic to compile its Enterprise of Things report.
It found that IoT is already widespread, with the average number of devices for staff who work from home standing at 11.
This number will increase as more corporates adopt IoT to improve business efficiency, it added.
What’s more, less than half of IT pros interviewed said they are confident in the secure configuration of the most common device types, with the number dropping to “fewer than 20%” when considering newer, less common IoT device types.
This is dangerous because of the potential for “cross contamination” of home and corporate networks, said Tripwire.
“While consumer-focused IoT devices present minimal direct risk to the enterprise, many of them connect back to a vendor’s infrastructure via the internet to store user data,” said Tripwire security researcher, Craig Young.
“Successful attacks against these back-end infrastructures could provide attackers with user credentials and other information that could enable them to gain a foothold into an employee’s home network. From there it’s entirely possible to for an attacker to install keyloggers or other malware designed to steal the user credentials necessary to log onto corporate networks.”
Nearly a quarter of C-level execs and IT pros said they have “no visibility” into current protection levels for IoT devices.
Network segmentation, continuous vulnerability scanning and detailed log and event alerts and analysis were the most common controls used by respondents to protect IoT devices.
Eset security specialist, Mark James, argued that employee education on how to stop IoT security breaches and what software is acceptable to install on the devices, is also essential.
“Devices need to be vetted to ensure they meet security standards along with some kind of policy to limit the type of software installed on them,” he told Infosecurity.
“Updates need to be applied on all devices that include operating systems and applications, software and hardware need to be reviewed on a regular basis to ensure that security is at its highest.”