Enterprises are under growing risk from an explosion of often unmanaged, consumer-grade Internet of Things (IoT) devices on their business and operational technology (OT) networks.
For attackers, the devices — including Amazon Alexa and Echo as well as smart lights, smart meters, IP cameras, shop-floor sensors, and so on — are relatively easy targets for distributing malware, stealing data, triggering denial-of-service conditions, and causing other internal disruptions, according to two studies released this week.
One of the reports, from Ordr, is based on the company's analysis of data gathered from more than 5 million unmanaged IoT and IP-enabled medical devices between June 2019 and June 2020.
For the study, Ordr defined an IoT device as any network-connected device that was both unmanaged and did not have a network user account associated with it. Ordr collected its data from such devices on customer networks across multiple industries, including healthcare, retail, life sciences, and manufacturing.
The analysis showed that "IoT devices are pervasive and oftentimes owned and deployed by different business units — meaning facilities, operations, security, and IT — that are not considering the security risks inherent in these devices," says Jeff Horne, CSO at Ordr.
Many of these IoT devices are inherently vulnerable and either cannot be patched or need specific controls for securing them, he says. "Therefore, a resilient network segregation policy that is focused on the security risks of these devices is necessary in order to mitigate the inherent risks these devices bring to the network."
Ordr's analysis showe ..
Support the originator by clicking the read the rest link below.
