New research has been released that exposes the significant threat posed by shadow Internet of Things (IoT) devices on enterprise networks. The report from Infoblox Inc., a provider of secure cloud-managed network services, is titled What’s Lurking in the Shadows 2020.
The research study surveyed 2,650 IT professionals across the US, UK, Germany, Spain, the Netherlands and UAE to understand the state of shadow IoT in modern enterprises.
Shadow IT devices are defined as IoT devices or sensors in active use within an organisation without IT’s knowledge. Shadow IoT devices can be any number of connected technologies including laptops, mobile phones, tablets, fitness trackers or smart home gadgets like voice assistants that are managed outside of the IT department. The survey found that over the past 12 months, 80% of IT professionals discovered shadow IoT devices connected to their network, and nearly one third (29%) found more than 20 devices.
The report revealed that, in addition to the devices deployed by the IT team, organisations around the world have countless personal devices, such as personal laptops, mobile phones and fitness trackers, connecting to their network. The majority of enterprises (78%) have more than 1,000 devices connected to their corporate networks.
“The amount of shadow IoT devices lurking on networks has reached pandemic proportions, and IT leaders need to act now before the security of their business is seriously compromised,” says Malcolm Murphy, technical director, EMEA at Infoblox.
“Personal IoT devices are easily discoverable by cybercriminals, presenting a weak entry point into the network and posing a serious security risk to the organisation,” he adds. “Without a full view of the security policies of the devices connected to their network, IT teams are fighting a losing battle to keep the ever-expanding network perimeter safe.”
Nearly nine in ten IT leaders (89%) were particularly concerned about shadow IoT devices connected to remote or branch locations of the business.
“As workforces evolve to include more remote and branch offices and enterprises continue to go through digital transformations, organisations need to focus on protecting their cloud-hosted services the same way in which they do at their main offices,” the report recommends. “If not, enterprise IT teams will be left in the dark and unable to have visibility over what’s lurking on their networks.”
To manage the security threat posed by shadow IoT devices to the network, 89% of organisations have introduced a security policy for personal IoT devices. While most respondents believe these policies to be effective, levels of confidence range significantly across regions. For example, 58% of IT professionals in the Netherlands feel their security policy for personal IoT devices is very effective, compared to just over a third (34%) of respondents in Spain.
“Whilst it’s great to see many organisations have IoT security policies in place, there’s no point in implementing policies for their own sake if you don’t know what’s really happening on your network,” Murphy comments. “Gaining full visibility into connected devices, whether on premises or while roaming, as well as using intelligent systems to detect anomalous and potentially malicious communications to and from the network, can help security teams detect and stop cybercriminals in their tracks.”