By Keith Glancey, Systems Engineering Manager at Infoblox   

When the COVID-19 pandemic struck, businesses around the world found themselves forced to adapt quickly in order to survive. IT and security teams took centre stage, and were tasked with supporting a newly-remote network of employees and maintaining business continuity. Many companies emphasised ‘connectivity first,’ relegating security to an afterthought. However, as the dust starts to settle, remote work seems here to stay in some form. This has opened up a new threat for many businesses.    

Just as the pandemic has blurred the line between our professional and personal environments, it has also blurred the line between our professional and personal IoT devices– whether it’s a connected television, smart thermostat or a tablet connected to a work application. The increased use of personal devices is making the professional network vulnerable to attack, and so is the proliferation of IoT devices. With many employees yet to return to the office, it’s never been more important for businesses to assess and address the IoT security risks posed by our new reality.  

The remote rise of Shadow IoT 

Even before the pandemic struck, IoT security was a challenge. In fact, research discovered that one third (33%) of UK businesses believed there were around 1,000 unauthorised or non-business related IoT devices – also known as Shadow IoT devices – connected to their enterprise networks. These devices can open the wider business up to attack and also enable unsanctioned ‘lurkers’ to access any given network. One of the consequences of the rise of shadow IoT was the surge of 17 million cases ofdistributed denial-of-service (DDoS) attacks across the globe in 2020 alone, with reports highlighting a 250% increase of frequency over the last 3 years. 

As remote working has transformed the way that individuals are using their IoT devices, this threat has only increased. The average home today has 11 IoT devices connected to its network. And since IoT devices are notoriously insecure, this presents a serious headache for IT and security teams. Each of these devices provides a vector through which malware can enter an employee’s home network and then move laterally to infect the corporate network as well. Given that IT teams can’t easily enforce corporate security policies on devices that sit outside of their infrastructure, this is opening up the floodgates and putting businesses at increased risk from attacks such as phishing and malware.  

To add to this, many individuals are naturally less risk-averse at home. For some, using a work device to browse social media, shop or stream entertainment services has become the norm. Yet, combined with the threats posed by unsanctioned IoT devices, this use of unsecured Wi-Fi connections, unsanctioned applications, and browsers with insecure plug-ins has the potential to compromise the entire corporate network.   

Future-proofing 

Organisations must take this time to embrace a more strategic approach to security, rather than hanging onto a model that isn’t compatible with the cloud-first networks that remote work requires. Network architecture is no longer centralised on a physical campus, with a core data center into which users connect, and security practices need to reflect this. 

One effective way that IT teams can protect their network against shadow IoT threats is by increasing visibility. This is where DNS (Domain Name System) tracking comes in. DNS is a core network service, which means that it touches every device that connects to a company’s network and the wider internet. Because of this, it doesn’t rely on a device being authorised or known to the IT team. As a result, DNS has the power to see every connection point in the network, enabling IT and security teams to know exactly what each IoT device is doing at all times.  

To take it to the next level, businesses can merge DNS with DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management). This combination of modern technologies – known as DDI – can pinpoint threats at the earliest stages, identifying compromised machines and correlating disparate events related to the same device. DDI can also help teams automate the provisioning of security services to remote endpoints, removing the need to ship devices back and forth for on-site patching.   

As enterprises become more distributed and borderless, they need security to stretch across their entire infrastructure and protect users wherever they are located. Defending from the network edge will be critical in combating shadow IoT threats brought about by remote work and using modern technologies such as cloud-first DDI will enable organisations to stop and remediate attacks before they cross over from the home to the corporate network.