Are You Sitting on an Enterprise Device Security Time Bomb?
As the enteprise device threat landscape evolves, enterprises like yours are finding themselves facing multiple enterprise device security challenges. In this blog post, we will be discussing the trends that affect this landscape, the challenges enterprises are facing, and what can be done to solve these challenges.
Enterprises regularly face the challenge of securing conventional IT assets, such as computers and phones. However, their threat landscape has extended beyond traditional IT assets and into the domain of connected devices. For example, IP cameras, printers, and just about any device that has the potential to connect to the network.
This growing domain poses a significant challenge for enterprises. The main reason for this is that as the number of connected devices continues to grow, so too does the attack surface that accompanies them. Despite the plethora of benefits connected devices offer across industries, their innovation comes at a potentially high cost to your enterprise’s security.
Palo Alto Networks 2020 Unit 42 IoT Threat Report sheds light on the declining security posture of IoT devices, the current challenges enterprises face with securing threats originating from these IoT devices, and which IoT devices are the most susceptible to attacks. In this blog post, we’ll be discussing what we perceive as the main takeaways from this report and what we think enterprises need to focus on to secure networks and assets.
A Growing Field, a Growing Problem
The IoT device industry has been growing exponentially over the past couple of years and is a trend that has no end in sight. In 2020, there were 9.9 billion IoT devices installed and this number is predicted to reach 21.5 billion by the year 2025! Today, IoT devices make up for more than 30% of the network-connected endpoints at the average enterprise, leaving enterprises with a significant enterprise device security problem.
According to Palo Alto’s report, 98% of IoT traffic is unencrypted, allowing hackers that successfully bypassed an enterprise’s first layer of security and established command and control to easily listen to unencrypted network traffic. This means that sensitive and confidential information on the network will be readily available to hackers to use and exploit. Even more worrisome is that 57% of IoT devices are vulnerable to medium or high severity attacks, which gives attackers an easy opportunity to make your enterprise the victim of the next large scale attack.
Enterprise Device Security Challenges in the Realm of IoT Security
Enterprises face a few major challenges when it comes to their enterprise device security. One of those challenges is that their currently deployed tools do not support IoT devices. Frequently, enterprises turn to agents for their endpoint protection systems. However, most IoT devices run on obsolete operating systems that do not support running an agent. Without this ability, enterprise device security teams are unaware of their IoT devices’ risks, leaving them open for exploitation.
A second challenge is that enterprises cannot correctly identify all IoT devices in their network. Without proper identification of these devices, security teams cannot accurately secure them (they cannot protect what they cannot see) and risk jeopardizing their enterprise network security
A Device Security Time Bomb
IoT Threat Trends
Exploitable Vulnerabilities
Without the proper enterprise device security methods in place, IoT devices’ vulnerabilities are easily exploited. According to the report, 41% of attacks that take place occur through device vulnerabilities. To make matters worse, most hackers don’t stop at the device level but can then leverage this vulnerability to gain access to other systems in the network to attack.
Faulty Passwords Leading to Attack
Hackers often carry out password-related attacks using weak or default passwords used by manufacturers and the poor security practices surrounding them.
Unsupported Software and Operating Systems
Security systems heavily rely on patching through security updates to keep their enterprise security up to par and protect their systems and networks from attack. IoT devices often run on unsupported software and operating systems reaching their end-of-life (EOL), which makes patching the devices impossible because security updates are no longer available.
For the IoT devices running on EOL operating systems, they are vulnerable to old and well-known exploits because they cannot receive security updates against them. Scarily, 83% of medical imaging devices have this very problem of EOL and unsupported operating systems.
ArcusTeam’s Take on it All
With the growing threat of connected devices, enterprises need a centralized solution now more than ever to help them safeguard their networks from attacks and effectively manage device vulnerabilities.
ArcusTeam’s DeviceTotal platform offers enterprises a proactive approach to their enterprise device security. In a single platform, DeviceTotal continuously predicts, identifies, assesses, prioritizes, and mitigates any potential cyber threats – before they threaten your connected networks. With DeviceTotal, your enterprise can get all the benefits from your connected devices, but without all the risk.
Schedule your demo today, and see how ArcusTeam can protect your network from vulnerabilities lurking within your connected devices