By Joe Lea, VP of Product

We’ve come a long, long way since the first IoT device – reportedly a 1980s Arpanet-connected Coca-Cola dispenser at Carnegie Mellon University in Pittsburgh. But that thirst for a cold beverage opened the door to technologies that would change the world.

Today’s enterprises are awash in IoT, or perhaps more appropriately, an Enterprise of Things. Businesses today rely on devices like video conferencing equipment and digital whiteboards, smart TVs and HVACs, and industry-specific devices like connected medical equipment that deliver patient care or internet-connected forklifts and smart city networks.

These devices improve convenience, efficiency, and safety, but they also introduce risks most businesses aren’t thinking about, but that really ought to be on their radar. And nobody wants to be left holding the bag when you-know-what hits the IoT fan.

In this SHIoT HAPPENS blog series, we’ll share real stories of Internet-connected devices – unmanaged devices – including real-life examples from recent headlines and insider stories from actual security professionals. We hope this information will shine a spotlight on the widespread problem of unseen, unmanaged, and unsecured connected devices in the workplace.

Read more in our ongoing SHIoT HAPPENS blog series:

More Connected Devices Than Ever Before

The number of connected devices in the workplace is exploding. As one CISO of a Fortune 100 company said to us, “I actually struggle to find devices that are not Internet connected.” The data shows that unmanaged and IoT devices are overtaking the managed devices. We find that most businesses can’t see 40% of the devices in their environment. Sometimes the business brings in these devices; sometimes it’s employees or vendors.

Click to enlarge

Unlike traditional managed devices like laptops and PCs, these unmanaged devices are new endpoints filled with new exploits hackers can use to penetrating your perimeter. They lack any inherent security capabilities, can’t be managed or secured using traditional security products, are difficult or even impossible to keep updated, and their use is increasingly pervasive across every industry.

The Worlds of OT and IT Are Converging

The convergence of conventional machines and smart technologies is blurring the line between where OT ends and IT begins. And while security teams will always struggle with new technologies, some Internet-connected devices aren’t and might not ever be top-of-mind.

A complicated, unseen and unmanaged infrastructure of sensors, actuators, and other gizmos exist today inside everything from vending machines to heart monitors. The pervasiveness of these creates alarming security gaps and enables novel attack vectors most security products weren’t designed to address.

You Can No Longer Ignore The Risk

Security teams can no longer ignore these risks. Data exfiltration at a major casino using a thermostat on a fish tank is real. And even today, the recent power outage at a major airport is being investigated as being caused via IoT devices. CT scanners have been patient zero for WannaCry. How soon until a biomedical device is hacked and affects the care of a patient?

Are you considering the devices your employees are putting on your network? Are you thinking about the future of unmanaged devices and how they affect your security strategy? Are you ready for the onslaught of attacks that could strike on devices you least expected?

Are you ready for when SHIoT HAPPENS?


Joe Lea leads the product team at Armis and is responsible for turning the Armis vision into a service that provides value to and protects customers. Before Armis, he was head of product at Tanium where he helped the company grow from a nascent endpoint query tool to a disruptive industry force. When he’s not busy at Armis or spending time with family, Joe speaks about his experience competing in some of the world’s most grueling 100-mile mountain ultra-marathons, which, as it turns out, are not as different from his day job as you might expect.

 

Comments are closed.