The management of IoT and other connected devices may have been an afterthought, or at least something they didn’t anticipate having to handle long term.
IoT and Other Connected Devices Trends During Pandemic; Identifies Biggest Security Gaps for Organizations.
While there are many lenses through which to explore the ways in which COVID-19 is reshaping business operations, connected devices—including internet of things (IoT) devices.
ExtraHop, the leader in cloud-native network detection and response, today issued a report detailing rapid substantial changes in device usage trends as businesses shifted their operations in March due to COVID-19. The report also warns of the security complexity and risks posed by connected devices—both those used by employees at home, and those left idle but connected to the office network.
Read More: How to make IoT in business work for you
While there are many lenses through which to explore the ways in which COVID-19 is reshaping business operations, connected devices—including internet of things (IoT) devices—and the ways in which people and organizations interact with them tell a story all their own. Using anonymized, aggregate data from across its global user base, ExtraHop analyzed business-related device activity during a one week period at the end of March 2020. This data was compared to activity from a similar study of the same global user base conducted in November 2019. The results reveal not only patterns that illuminate the state of work during the COVID-19 crisis, but also the long-term security implications of a distributed workforce.
Key findings from the report include:
• Steep Decline in Connected Devices at the Office Raises Concerns About Questionably Secure Local Networks: ExtraHop observed a 65 percent decline in the number of laptops and a nearly 70 percent decline in the number of smartphones connecting directly to corporate networks in March 2020. That said, the fact that these devices are no longer connected to the corporate network doesn’t mean they’re not connected at all. Employees are still accessing corporate resources, often relying on questionably secure local networks that lack the safeguards of the office network and thus are more exposed to malware.
• Vast Majority of Office Phones and Printers Are Still Plugged In, Exposing Risk: The number of connected IP phones declined by just 7.5 percent, indicating that many of these devices remain on and connected even when no one is using them. According to ExtraHop data, nearly 25 percent of those VoIP devices are Cisco IP phones, for which a critical vulnerability (CVE-2020-3161) was announced in April. Printers – at high risk for vulnerabilities and one of the most common targets of hackers – showed even smaller declines in connectivity, dropping by just 0.53 percent.
• Spike in Physical Security Cameras: Connections from security cameras increased by 47 percent in March, indicating that many organizations are taking additional precautions against physical intrusion or nefarious activity. Unfortunately, these devices can also expose organizations to cyber risk. Like IP phones and printers, they often have vulnerabilities and have been observed phoning data home.
• And Don’t Forget the Treadmills: The connections to the network from treadmills declined 100% when office gyms were some of the first aspects of office life to close down. But the connectivity of treadmills underscores the extent to which every device is now a connected device. IT and security departments now have a much broader attack surface to secure — even the office gym.
The almost overnight shift to remote work required a massive effort just to ensure the availability of applications and critical resources for employees outside the office. For many organizations, the management of IoT and other connected devices may have been an afterthought, or at least something they didn’t anticipate having to handle long term. As availability and security issues surrounding remote access become more settled, this needs to be an area of focus,
Sri Sundaralingam, Vice President, Cloud and Security Solutions at ExtraHop.
Read More: How 5G Will Unlock Unseen Opportunities in Industrial IoT
ExtraHop delivers cloud-native network detection and response to secure the hybrid enterprise. Our breakthrough approach applies advanced machine learning to all cloud and network traffic to provide complete visibility, real-time threat detection, and intelligent response. With this approach, we give the world’s leading enterprises including The Home Depot, Credit Suisse, Liberty Global, and Caesars Entertainment the perspective they need to rise above the noise to detect threats, ensure the availability of critical applications, and secure their investment in cloud.