A Dive Into the Dark World of Shadow IoT (And How to Reduce the Risks)

October 24, 2019 - 7 minutes read

The rapid development of the Internet of Things (IoT) has unlocked a multitude of unprecedented benefits for companies and consumers. But as new capabilities become possible through this connected technology, so do new concerns.

Cybersecurity has plagued IoT since its inception. Because many IoT developers prioritize innovation, this vital factor has taken a backseat and fallen far behind the pace of progress in the field. As a result, this has opened up the opportunity for potentially malicious devices to sneak their way into enterprise networks without being recognized by IT and security departments.

These devices comprise what is known as Shadow IoT. Let’s examine the dangers these devices present to your organization and how you can mitigate them.

The Cost of Rapid IoT Innovation

Before IoT, the Internet itself laid the groundwork for a more connected world. And it’s nothing short of a technological miracle. Consider this: In the span of a couple of decades, humanity managed to connect every corner of the globe to one information transmission system. In only a few years, this technology went from being an experimental communication method to an essential utility of modern society.

Today, the Internet has evolved and expanded outside of its digital origin to include the physical world around us; every day, hundreds of devices are connecting to the world wide web. This phenomenon is known as the Internet of Things. And it shows no signs of slowing down.

The year 2017 saw the connection of over 8.4 billion IoT devices. By 2020, this number will reach an astounding 30 billion, and the IoT market is expected to reach a value of $7.1 trillion that same year! At this point, you’re probably wondering what’s causing such a drastic increase in the number of IoT devices? IoT’s versatility knows no bounds. In fact, this technology has the potential to transform industries such as agriculture, medicine, transportation, and manufacturing.

With that said, it’s no surprise that organizations everywhere are racing to integrate IoT’s capabilities into their operations. But such rapid incorporation comes with drawbacks. Chief among them is shadow IoT, devices connected to operational environments without anyone’s knowledge or explicit approval.

Here are the biggest risks of shadow IoT.

Lack of Risk Awareness

Lack of awareness if the biggest risk of shadow IoT. This is unsurprising when you consider that IoT itself is still a fairly new concept for most companies. Couple this with the fact that most organizations haven’t experienced a shadow IoT cybersecurity attack, and it’s easy to see why many of them consider this a non-issue or problem they only hear about in the news.

But it’s this complacency and ignorance that often leads to organizations becoming vulnerable to shadow IoT in the first place. So, how can you take steps to address this and protect yourself?

Obviously, raising awareness about shadow IoT’s dangers is a straightforward way to mitigate this problem. But in practice, this is easier said than done. Because shadow IoT is so new, there are numerous unknowns surrounding it, including the methods and avenues of attacks that malicious hackers can employ. But infamous cases like the Mirai Botnet attacks, which caused major outages in U.S. east coast cities like Boston and NYC, are a harsh reminder of what’s possible.

To avoid experiencing these issues up close and personal, consider hosting a security training seminar to bring your employees up-to-speed on the latest IoT security protocols.

Vendor Equipment and Services

When companies are getting started on implementing their IoT endeavors, it’s common for them to turn to vendor equipment and services for help. But these assets are often just as susceptible to shadow IoT attacks as you are on your own.

This is unfortunate since organizations usually only work with vendors they’ve built a trusting relationship with. And the problem only becomes worse when you consider that most companies will likely need to rely on multiple vendors to get their IoT projects off the ground, thus substantially increasing the number of attack vectors.

To stymy this issue, always assess the safety and security of the IoT products you’re purchasing during both the selection and post-purchase processes. If you’d like to take things a step further, consider performing security audits for your main IoT device suppliers. This goes a long way towards ensuring they’re adhering to appropriate safety protocols.

Personal IoT Devices

More often than not, personal IT devices are the main causes of shadow IoT issues. This makes sense when you think about it — not only is it difficult to keep track of what each of your team members brings to work, but the number of IoT devices the average person carries around is increasing each year.

Smartphones, fitness wearables, smartwatches, and medical devices are usually the main culprits behind shadow IoT attacks caused by personal devices. All it takes is one of these devices to be compromised for hackers to attack multiple company assets.

To decrease the risk of personal devices, introduce a security policy to manage how employees use them in the workplace. Your policy should be compliant with modern information security standards like the ISO 27001. Similarly, introducing a BYOD policy can help foster a strong company culture of information security.

Stay Prepared and Updated on IoT Developments

It’s impossible to completely protect yourself from shadow IoT. So prepare yourself for it by thinking of it as an environmental hazard: Always have mitigation tactics in place as well as a plan if an emergency arises. Update them regularly and simulate breach scenarios so your employees know what to do in case the real deal occurs.

IoT is an integral part of the future of technology. By taking appropriate measures such as raising awareness and establishing policies, you can ensure your company is ready for whatever comes its way.

Tags: , , , , , , , , , , , , , , , , , , ,