Non-business devices might be your company's biggest security risk

security
(Image credit: Shutterstock)

With the prevalence of remote working, the biggest threat to corporate networks comes from non-business Internet of Things (IoT) devices, according to a new report.

A study by Palo Alto Networks reveals that seven out of ten IT decision-makers in the UK (68%) whose organization allows IoT devices to connect to its network, found that the lax cybersecurity practices in IoT devices poses the biggest threat to business networks.

The figure rises to 78% after collating data from organizations around the world, including businesses in the biggest economies in Asia, Europe, North America, and South America, and Australia.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents,” notes Greg Day, VP and CSO EMEA, Palo Alto Networks.

Time for a new policy

In response to the type of IoT incident that keeps IT leaders up at night, 55% voted Industrial  IoT attacks to the top of the list, closely followed by distributed denial of services (DDoS) attacks (50%).

The survey found that the greatest security capability needs were around protection against threats (61%) such as malware and ransomware, risk assessment (50%) and segmentation (50%).

While the vast majority (93%) of the respondents indicated that their organization’s approach to IoT security needs improvement, respondents in the UK were far less likely than their EMEA counterparts to feel that drastic change was needed, with only 4% believing a complete overhaul was needed compared to the EMEA average of 20%. 

Joint responsibility

On a positive note though, of the 1,900 global respondents, more than four in ten (44%) in the UK, and over half (51%) globally indicated that IoT devices are segmented on a separate network from the one they use for primary business devices and business applications.

Based on their reading of the data, Palo Alto argues that an effective strategy to safeguard business networks from rogue IoT devices can only emerge from a joint responsibility by both business and employees.

"Remote workers need to be aware of devices at home that may connect to corporate networks via their home router. Enterprises need to better monitor threats and access to networks and create a level of segmentation to safeguard remote employees and the organization's most valuable assets,” believes Ryan Olson, vice president of threat intelligence, Unit 42 at Palo Alto Networks.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.