Security impact of IoT on the Enterprise
We are moving to a time where many ‘things’ that we know and use have the capability to be connected to a network either wired or wirelessly. The way we use technology is becoming more integrated in all aspects of our daily lives and is steadily integrating within the enterprise environment. A core concern for businesses is therefore the risk of introducing Internet of Things (IoT) devices to the enterprise.
This paper has been written due to emergent focus on IoT device security and how in many cases, the ease with which they can be attacked by outsiders and used to gain a foothold onto associated networks. Research has demonstrated how IoT devices can be a security threat to a user’s home from tampering with “smart” lightbulbs to opening an Internet-connected lock on a door. To date, a lot of focus has been on IoT security in the domestic space, but how soon before the researchers, and hostile threat actors, divert their attention to businesses introducing IoT within their buildings, offices and IT infrastructures? What mitigations have been, or need to be put in place to prevent an IoT-based attack?
At the end of 2018, Gartner 2 reported that “CIOs should ensure they have the necessary skills and partners to support key emerging IoT trends and technologies, as, by 2023, the average CIO will be responsible for more than three times as many endpoints as this year .”
This paper is aimed at identifying what risks businesses face when using IoT devices, what organisations need to be aware of and security baselines which organisations should be aiming towards when installing and maintaining enterprise IoT devices. This information should be helpful to C-level executives and IT administrators wanting to know the risks they face and what mitigation options exist.