Playbooks for incident response at most organizations are unlikely to include provisions for breaches caused by Internet-connected teddy bears and exercise machines — but they soon might have to.
A new survey by research firm Vanson Bourne on behalf of Palo Alto Networks found smart toys and connected sports equipment to be among the many unexpected Internet of Things (IoT) devices showing up on enterprise networks around the world.
The survey of 1,350 IT business decision makers in the US and 13 other countries sought to identity current IoT security concerns and threats at enterprise organizations. Among the questions was one that asked respondents to identify the strangest IoT devices they found connected to their organizations' networks.
A startling 44% reported seeing wearable medical devices; 43% said they had encountered kettles, coffee machines, and other connected kitchen appliances; 38% said the same of IP-enabled sports equipment, including skipping ropes and weights; 34% reported smart toys; and 27% said smart vehicles. Other responses included hand-wash devices, smart trash cans — and, in one case, aircraft engines. Troublingly, a few respondents reported seeing such devices in industrial and operational tech environments as well.
"IoT devices are often being connected on enterprise networks to help employees do their jobs or manage personal tasks," says May Wang, senior distinguished engineer at Palo Alto Networks. IoT devices are brought in not only by IT departments but also different functional groups, such as facility, operations, finance, and procurement teams, and even individual employees, she says.
Innocuous as the presence of such devices might seem on an enterprise network, they pose a risk that shou ..