Consumer IoT devices are coming to your company, whether you want them or not.
Arlen is the director of risk advisory services at Leviathan Security Group, and a member of the advisory board for the SecTor conference. He spends a lot of time advising business clients on how to manage their cybersecurity, and when it comes to the IoT he has one message for them: it’s coming, whether you want it or not.
It’s coming in many different forms, from wirelessly-enabled lightbulbs that you can control via your phone, through to set-top boxes that control your TV, and smart power switches that control your energy consumption.
They’re bringing their own networks with them, too: ad hoc point-to-point WiFi networks, Zigbee radio, and others. And in most cases, IT managers won’t have a clue what they are, or how to control them.
The SecTor team caught up with Arlen in between his busy conference schedule to talk about what the consumer-focused IoT means for your company – and why you can’t avoid it:
Your employees want this stuff, and trying to keep it outside your organization is going to be difficult, said Arlen. Many of these devices won’t even have basic WiFi encryption, and may feature weak administrative security. In short, unless they’re acknowledged and controlled, they’re going to spread your attack surface like butter.
What can you do about it?
- Learn IPv6
A lot of these devices will use IPv6, warned Arlen, adding that many IT staff don’t yet know how to configure this technology at all, let alone make it secure. Now’s the time to get to grips with it, because the chances are that you’re already running it, even if you’re not aware of it.
- Segment your WiFi networks
We live in a wireless age, and most if not all IoT devices are wireless, he said. Understand how these new devices are infiltrating your company and create a new dedicated network to contain them. At least that way, you can segment them from business network traffic.
- Go buy some stuff and play with it
This may be the hardest thing for IT managers to sign off on, but it’ll be worth it, said Arlen. If consumer devices are coming into your company anyway, then get the upper hand by buying the most popular ones and getting to know how they work. At least that way, you’ll be prepared when you finally see an Internet-connected smart plant pot on your receptionist’s desk.
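To make the IPv6 and segmentation advice concrete, here is an added example (not from Arlen or SecTor) that reads a Linux IPv6 neighbor table, shows which devices are already speaking IPv6, and lists the ones sitting outside the dedicated IoT network. The interface name `iot0`, the inventory set and the sample lines are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample in the format printed by `ip -6 neigh show` on Linux.
SAMPLE = """\
fe80::21a:2bff:fe3c:4d5e dev wlan0 lladdr 00:1a:2b:3c:4d:5e STALE
2001:db8:10::21a:2bff:fe3c:4d5e dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
fe80::a4c1:38ff:fe9b:7722 dev iot0 lladdr a6:c1:38:9b:77:22 REACHABLE
fd12:3456:789a::5c3f:9d1e:22ab:4410 dev eth0 lladdr 3c:52:82:aa:bb:cc REACHABLE
fe80::1 dev eth0 FAILED
"""

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":          # EUI-64 inserts ff:fe mid-address
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def scope(addr):
    """Coarse address scope; 2001:db8::/32 stands in for global space here."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"              # fe80::/10, present on every IPv6 host
    if ip in ipaddress.IPv6Network("fc00::/7"):
        return "unique-local"
    return "global"

def parse_neighbors(text):
    """Turn neighbor-table lines into dicts, skipping entries with no MAC."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if "lladdr" not in f:            # FAILED/INCOMPLETE entries
            continue
        rows.append({"addr": f[0], "dev": f[f.index("dev") + 1],
                     "mac": f[f.index("lladdr") + 1].lower(),
                     "scope": scope(f[0]), "eui64_mac": mac_from_eui64(f[0])})
    return rows

def off_segment(rows, iot_dev, inventory):
    """MACs speaking IPv6 outside the IoT interface that are not inventoried."""
    return sorted({r["mac"] for r in rows
                   if r["dev"] != iot_dev and r["mac"] not in inventory})

if __name__ == "__main__":
    rows = parse_neighbors(SAMPLE)
    for r in rows:
        print(r["dev"], r["scope"], r["addr"], r["mac"], r["eui64_mac"])
    print("review:", off_segment(rows, "iot0", {"3c:52:82:aa:bb:cc"}))
```

An address whose interface ID decodes to a MAC identifies the hardware even when you only have the address from a log, which helps when matching traffic back to a specific gadget.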
Consumer Internet-connected devices don’t just present dangers at work, either. Arlen also presented at SecTor 2015, where he warned about the potential disasters in home automation. Check it out here: