Are enterprise IoT devices putting your business at risk? [PERISCOPE]

When talking about the Internet of Things (IoT), what comes to mind?

Most people think about the consumer goods they can buy at the local big-box store – anything from an internet-connected light bulb that you control from your mobile phone to a children’s tablet device.

However, most people forget about enterprise IoT products, and more importantly, the security flaws that come with them. Recently, DataGravity CISO Andrew Hay held a Periscope webcast discussing the vulnerabilities that come with the IoT.

There are always new products on the market, like the latest smartphone or hands-free speaker. They’re like collectible toys for adults – buy one and then buy another the minute the next best thing comes out. Everything’s considered disposable (whether or not they’re filled with sensitive data). As a result, vendors are less likely to focus on patching up security loopholes that could leave an organization vulnerable to a number of threats.

Think of the smart TVs used in conference rooms across the country. The latest and greatest are hooked up to webcams and microphones, meaning anyone – from competitors and foreign enemies to employees or bored hackers – can easily tap into the TV to eavesdrop on a corporate meeting in which sensitive information is being shared.

However, the real problem with enterprise IoT devices is rooted in the amount of data hidden inside. The threat is much greater than anything that could be exposed in an office meeting. Devices like smart TVs are connected to a network that can make it simple for someone to dive into a more sensitive part of the network that contains personally identifiable information (PII) like driver’s licenses, IP addresses, names, emails and more.

Hospitals are just one example of organizations that need to be aware of the dangers of the IoT. Webcams are being used everywhere to monitor patients, storing data in the cloud, which can be accessed by anyone in the hospital at any time. Most of the time, it is extremely likely that these webcams are not in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and are not accredited for healthcare environments. If a breach occurred and webcams were found to be the source of the attack, it would be an expensive ordeal for healthcare providers.

The moral of the story? Enterprise IoT devices that are improperly secured make it easy for attackers to target an organization’s network and access sensitive data. Neglecting these technologies and treating them like toys puts you, your customers and your business at risk.

Don’t know what information you could be putting at risk? Learn what could be hiding in your data.

  Like This
John Joseph

John Joseph

President and co-founder of DataGravity, John Joseph leads company’s sales, marketing, operations and customer initiatives. John previously served as vice president of marketing and product management at EqualLogic, leading these functions from the company's initial launch through the successful acquisition by Dell in 2008. He subsequently served as vice president of enterprise solutions, marketing at Dell for three years after the acquisition.