
Research delves into enterprise IoT risks

ForeScout Technologies : 28 October, 2016  (Technical Article)
ForeScout Technologies issues report on the risks faced by enterprises when deploying Internet of Things devices

IoT security company, ForeScout Technologies, has released findings from research led by ethical hacker, Samy Kamkar. The "IoT Enterprise Risk Report" offers new insight into how common enterprise IoT devices pose an inherent risk to the overall security posture of organisations.

According to ForeScout's President and CEO, Michael DeCesare, the Internet of Things is here to stay but the proliferation and ubiquity of these devices in the enterprise is creating a much larger attack surface, one which offers easily accessible entry points for hackers.

“The solution to this starts with real-time, continuous visibility and control of devices the instant they connect. You cannot secure what you can't see,” he said.

Kamkar’s research focused on seven of the IoT devices which are commonly found in enterprise environments. Such devices include IP security systems, smart HVACs and energy meters, video conferencing systems and connected printers.

According to his observations from a physical test situation and analysis from peer-reviewed industry research, these devices pose significant risk to the enterprise because the majority of them are not built with embedded security. Of the devices that were outfitted with rudimentary security, Kamkar’s analysis revealed that many were operating with dangerously outdated firmware.

His research also included a physical hack into an enterprise-grade, network-based security camera. Entirely unmodified and running the latest firmware from the manufacturer, the camera proved itself vulnerable and ultimately allowed for the planting of a backdoor entryway that could be controlled from outside the network.

The entire hack can be seen in this YouTube video

Some of the key findings of the IoT Enterprise Risk Report demonstrate the kinds of risks that IoT security failures can pose for a company.

* Hacking the seven devices took as little as three minutes, but remediation can take days or weeks.
* Once inside, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack.
* Cybercriminals can use jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment.
* With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls.
* Via connected HVAC systems and energy meters, hackers can force critical rooms to overheat, harming critical infrastructure and ultimately causing physical damage.

According to Gartner, some 20 billion connected devices will be deployed by 2020, with as many as a third of these sitting unknowingly vulnerable on enterprise, government, healthcare and industrial networks around the globe. In turn, hackers are now easily able to pivot on insecure devices into the secure network, and ultimately access other enterprise systems that could store bank account information, personnel files or proprietary business information.

To learn more about the research findings and the risks associated with adopting IoT-enabled devices within the enterprise, read the ForeScout "IoT Enterprise Risk Report" here.

Read more from ForeScout's Jan Hof in an interview with ProSecurityZone
