The world of Internet has changed significantly, from the content to the devices that connects, everything has undergone a phenomenal change since the advent of internet. World Wide Web turned 30 and in the last 30 years which is considerably a very small period, technology has advanced exponentially. Today, internet is home to billions of connected devices which is estimated to go over 20 billion devices by the year 2020 according to a research firm. The growing number of devices especially IoT’s pose a great threat.
What is Shadow IoT
The word “Shadow” is becoming quite popular in Information Technology(IT). Shadow IT and Shadow IoT are two common terms that are often heard. Shadow IT refers to the IT applications or solutions that are used within organisations without explicit approval of the organisation whereas Shadow IoT are IoT devices that are connected to an organisation’s network without the consent or knowledge of the Organization. Both pose a great level of threat to the organisation. Both Shadow IT and Shadow IoT uses “Shadow” in the same context except that they both denote different entities. Another thing that’s common between the “two shadows” is the risk it poses to the organisation
Shadow Begets Threat
Shadow IoT’s challenges the cyber security of an organisation. As the number of unauthorised devices on a private network increases, the number of weak links also increases putting the entire organization’s data at risk. The recent Mirai botnet has already set an example on how IoT devices can be controlled to launch a cyber attack. There have also been many other IoT based attacks such as St. Jude Medical implantable cardiac devices attack, TRENDnet Webcam Hack etc.
IoT devices mostly do not come with high or enterprise-grade security and are also hard to detect on an organisational network. It is impossible to control or deny the permission to connect when the devices are not visible, thus putting more challenge to the cybersecurity of the organisation. Reportedly there has been a 600% increase in IoT attacks within one year from 2017 to 2018.
Besides being low on security and visibility in private networks, IoT devices are very good at showing their presence on the internet through search engines like Shodan which enables users to find details of identifiable devices, including the banner information, HTTP, SSH, FTP and SNMP services. This makes IoT devices easy to target in a wider network and hard to safeguard in a private network.
How To Tackle Shadow IoT
Here are possible ways to decrease the level of threats posed by Shadow IoTs according to a report by James A. Martin:
The initial step to safeguarding a private network from shadow devices is to make their presence in the private network known. Allowing users to officially connect their IoT devices to the organisation’s network can prevent shadow devices to a large extent. Chester Wisniewski, principal research scientist at Sophos, a security software and hardware company says, “The reason you have shadow IT and shadow IoT is often because the IT department is known for saying ‘no’ to requests to use devices like smart TVs”
2. Filtering The Network for Shadow Devices
Actively scanning the network for unauthorised devices in both the Organization’s network and beyond it would help discover shadow devices more easily. Wireless monitoring for shadow IoT devices and networks can allow visibility and asset management of those other devices and networks.
3. Isolating IoT
Enabling employees to access a separate dedicated network within the organisation to connect IoT’s and IIoT’s will isolate the devices and creates a wall between the more private and important networks within the organization. Also configuring the network to enable IoTs to only transmit data and not receive incoming requests will add an extra layer of security.
Into The Future
IoT devices are sure to grow in numbers in the near future. With or without security these devices will thrive in the world of internet generating and transmitting data in real time. While the growth of data itself is a major concern, IoT will certainly add to it a factor of data security risk.