K

Kathleen Martin

Guest
You’ve heard all about shadow IT, but there’s another shadow lurking on your systems: Internet of Things (IoT) devices. 
These smart devices are the IoT in shadow IoT, and they could be maliciously or unintentionally exposing information. Threat actors can use that to access your systems and sensitive data, and wreak havoc upon your company.
A refresher on shadow IT: shadow IT comes from all of the applications and devices your employees use without your knowledge or permission to get their jobs done and handle their work data. Some examples of shadow IT include departments purchasing and installing their own software, users making unauthorized changes to their endpoints and employees using cloud services that aren’t company standard. 
Add a few IoT devices into the mix, and your security efforts are suddenly and obviously more vulnerable. However, what’s not as obvious is that the shadow IoT phenomenon can include things like multicolored light bulbs, coffee makers and Bluetooth speakers.
These devices pose new security risks for the enterprise, as IoT is typically not as secure as it should be. In 2021, 12.2 billion devices connected to the internet worldwide, with an expected growth up to 14.4 billion active connections in 2022. If you think none of those devices are shadow devices on your network, think again. According to Infoblox, 35% of U.S., UK and German companies have more than 5,000 shadow devices connected to their network on any given day.
Putting IoT to the Test 
TikTok personality and security engineer Jose Padilla (@secengineer) knows how to see which devices might be at risk. His frequent TikTok posts test different IoT devices to determine just how risky they are and examine what kind of network traffic the devices are outputting. 
“The Mirai botnet was created almost entirely by IoT devices,” he said. “That’s what inspired me to start looking more into what these IoT devices are doing on my network. Of course, I want to use smart things. They’re very convenient. I obviously love technology. But as a security engineer, I always have to second guess these kinds of things.”
Padilla has tested almost two dozen devices and explains that he takes each through a rigorous process that requires at least three or four hours of sifting through logs to establish patterns to see if anything stands out.
Continue reading: https://securityintelligence.com/articles/secure-shadow-it-tiktok-secengineer/
 

Attachments

  • p0008768.m08361.iot_security.png
    p0008768.m08361.iot_security.png
    316.3 KB · Views: 65
  • Like
Reactions: Kathleen Martin