Shadow IoT and the dangers come from this problem

Let's explore what is an IoT shadow and how you might get accidentally involved in this problem.

What is Shadow IoT?

Shadow IoT sounds like an illegal market for smart home devices, but the reality is even scarier. That's when users put devices on the corporate network without telling anyone about it.

Shadow IoT and the dangers come from this problem Picture 1 Shadow IT is when users put devices on the corporate network without telling anyone about it

A business needs to know what connects to its network. Companies need to protect their assets from security breaches, so they need to keep a close eye on what's connecting to prevent hackers from entering.

In the last decade or two, this was easy. The company network only has workstations around the office, so there is no need to worry about external devices coming in.

However, nowadays, employees often bring their own devices to the office and connect them to the corporate network. These include smartphones, personal laptops, fitness trackers and even handheld game consoles during breaks.

Now, network administrators have a bigger problem to face. People can bring devices from outside and connect them to the network without the administrator's knowledge. This opens the door for attacks taking place from unknown sources.

How bad is the shadow IT problem?

Of course, this threat only occurs if employees actually bring the device to the company. If no one does this, the IoT shadow problem is automatically solved. So how many devices are surreptitiously connected to the network without the administrator knowing?

To answer this question, take a look at Infoblox's report, What's Lurking in the Shadows 2020 . This report aims to find out how many shadow IoT devices are on the company's network, and which countries have the largest number.

The report requires companies in different countries to locate IoT shadow devices on their networks. On average, 20% of these companies found nothing, 46% found between 1 and 20 unknown devices, and 29% found between 21 and 50 devices. A small number of businesses find over 50 devices that use their network without their knowledge.

Why is the shadow of the IoT an issue of concern?

So, why is it a bad thing for employees to bring their devices to work? Why does having 'hidden' devices on the network cause problems?

Shadow IoT and the dangers come from this problem Picture 2 Poorly built IoT devices will have many vulnerabilities that are easily exploited

The main problem is that there is no guarantee that these hidden devices are properly secured. Poorly built IoT devices will have many vulnerabilities that are easily exploited. As a result, if the virus has invaded one of these devices, it can spread when connected to the network.

1. 7 scary things about IoT have really happened

Not only that, these devices often keep an open connection in case the user or service wants to access. And this is what hackers usually want.

When an employee connects an exploitable device to the corporate network, it creates an entry point for the hacker. Hackers always scan the Internet for open ports and if they find employees' insecure devices, they can try to break into them.

If a hacker finds a way to hack into an employee's device, they can use it as a stepping stone to launch attacks on the company's intranet. If this succeeds, hackers will be able to distribute ransomware, access to information needs to be limited or damage.

Which IoT devices are safe to use?

The big problem with IoT devices is that none of them are really harmless to the network. Just as hackers have proven over time, if the device can connect to the Internet, it will likely be hacked, no matter how simple the device.

For example, it's easy to imagine what a hacker could do with a home surveillance camera system. However, a simple device like a smart light bulb must be safe. After all, what can a hacker do with a smart light?

Turns out, hackers can do pretty much anything. A recent study showed that Philips Hue bulbs can be used to launch an attack on the home network. This hack proved that an IoT device is not really immune to attacks. Hackers are getting more and more scary! This is also not the first time hackers have exploited an 'too simple to hack' IoT device.

What can you do against the IoT shadow?

The best way to solve the IoT shadow is not to follow the IoT craze.

Shadow IoT and the dangers come from this problem Picture 3 The best way to solve the IoT shadow is not to follow the IoT craze

Although an Internet connected toaster may sound new and interesting, it creates another entry point for hackers to attack your network. Therefore, it is best to stick with 'brick' devices. Hackers will be harder to crack the device if it is not online!

If you can't live without an IoT device, you can use it with mobile data. If your device can connect to mobile data, turn your phone into a hotspot and connect the device to it. By moving the device away from the corporate network, the security threat is no more.

When returning home, use a private network for IoT devices, keeping your PC and phone private on the main network. If you do so, home appliances will be safe on the main network (IoT hackers cannot reach them). You may not need to buy a new router; Just create a guest network on the current network and connect your IoT devices to that network.

If you are a business owner, consider using other networks for employee phones and gadgets. If you do this, any hackers who hack into employees' devices will not be able to access the main network where sensitive data is.