Your Employees' IoT Devices are a Cyberhacker's Best Friend


By 2020, the installed base of Internet of Things devices is forecast to grow to almost 31 billion worldwide. More than 65 percent of enterprises will be deploying IoT products by that year, according to a report by Gartner

In its IoT analysis, Gartner notes that major distributed denial of service attacks have occurred because cybercriminals were able to exploit security weaknesses of thousands of IoT devices. And as Gartner warns, with the proliferation of these devices, these DDoS events will escalate.

As enterprises step up their use of IoT devices, they need to put into place the same level of strenuous security measures they use to protect all their other hardware, software, or data assets. The most effective way to help prevent cyberattacks is to treat every IoT device as a possible threat. 

That may sound dramatic but, as Gartner also notes, by 2020 more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets.

Applying Secure Asset Management Practices to IoT
In protecting against threats in the enterprise, you have to begin at the beginning: getting a clear, manageable picture of all the IoT devices, both authorized and rogue, that your employees and contractors are using in the course of their work. Then you need to apply the most powerful security measures available to further ensure use of these IoT devices will not invite cyberattacks into your network.

Start with these five practices to gain control and secure your IoT device assets.

Create an IoT Security Squad. Many enterprises now have dedicated security executives who often are siloed from traditional IT departments.  To be most effective, security, IT, and asset management teams need to collaborate closely on managing and securing all IoT devices. For example, the asset management team has to be aware of any new security initiatives to work with IT to help integrate IoT devices with these security solutions.

Apply Thorough Discovery to IoT Devices. Just as you inventory other hardware assets, you need to apply network discovery tools to discover all IoT devices on your network. These devices should have a serial number and be tracked in any location. A good example of what happens when devices are not where they’re supposed to be is an incident that happened at Heathrow Airport last year, in which a USB stick was found on the pavement and turned out to have 2.5GB of unencrypted data relating to security protocols, including those to be used if the Queen is passing through the airport. This particular security breach had a relatively happy ending when the device was turned over to the proper authorities, but consider the potential this had for risk, ransomware and public safety.

Enforce Encryption-No Exceptions. As the Heathrow Airport incident made clear, unencrypted data is the security nightmare we all want to avoid. The vast array of IoT devices starting to become more popular in day-to-day business use need to be subject to data security governance.  This means rogue devices with unencrypted data are not welcome on your network. Employees cannot be using their own flash sticks and downloading information to that drive, data which may not be secure and encrypted. It is imperative to centrally encrypt all removable devices (such as USB flash drives) in your inventory, plus enforce encryption policies when copying to devices/media.

Rein in the Rogues! As for rogue devices, one security measure to put into place right away is access control software that focuses on the data. You can define rules to prevent any program (other than those you specify) to modify critical or sensitive documents or files. For example, a rule that allows only Microsoft Word to modify .doc and .docx files will deny any attempt from successfully installed ransomware to encrypt any such files.  

Follow the Moving IoT Security Target. NSA leaks are the classic example of what happens when we don’t know where all our devices are at the moment, and what employees are doing with them. Over a three-year period, NSA contractors were able to walk out with classified data that was not supposed to leave the perimeter of the facility. IoT – and all mobile or remote devices – present the same security challenges to the enterprise. You need to implement user-context aware security practices that can look at where the person is working, how they are working, and what they’re working on, to determine which applications they can execute.

In a perfect world, we would ensure all sensitive data is encrypted, all rogue devices are eliminated, and employees know better than to bring home sensitive data and use their own devices. Meanwhile, we can improve security by implementing a solid asset management program for IoT devices, to have an accurate view of inventory, and to prevent rogue devices from threatening the network. Access control to prevent files being encrypted with ransomware, and application control to stop devices outside the authorized geo-location from executing applications, are two other must-do steps. This gives you the foundation to fight the inevitable next round of cyberattacks.

About the author: Phil Merson is director of IT asset management at Ivanti (

Edited by Ken Briodagh

Related Articles

Ericsson Collaboration Advances 5G Drone Operations for Smart Agriculture

By: Greg Tavarez    9/21/2022

Ericsson formed a collaboration with the Aerial Experimentation and Research Platform for Advanced Wireless to advance the use of 5G for drone operati…

Read More

Pente Networks Announces $10 Million Series A, Names Avi Cohen CEO

By: Arti Loftus    9/20/2022

Pente Networks, developer of IT-centric enterprise LTE/5G solutions for service providers and their end customers, announced it has completed a $10 mi…

Read More

Astrocast Adds to Growing IoT Constellation in Orbit

By: Greg Tavarez    9/20/2022

Four Astrocast 3U spacecraft will be launched by Spaceflight aboard India's Polar Satellite Launch Vehicle mission under a commercial arrangement with…

Read More

5G Growth Driving Connected Device Form Factor Innovation

By: Greg Tavarez    9/20/2022

Frost & Sullivan's "Growth Opportunities Driven by New Form Factors" report found that the adoption of new form factors for devices will surge with th…

Read More

If You Can Make It Here, You Can Make It Anywhere: LoRaWAN Arrives in the Big Apple

By: Arti Loftus    9/19/2022

Senet announced with partners it expanded the buildout of its public LoRaWAN network across all five boroughs of New York City.

Read More