Prevalence of IoT may leave networks vulnerable to attacks

Devices that use the Internet of Things (IoT) are prevalent in highly regulated industries and the infrastructure supporting those devices is vulnerable to security flaws, according to a recent study.


IoT devices are connecting to corporate networks, but are not up to the same security standards as other connections, according to “The 2015 Internet of Things in the Enterprise Report,” a global data-driven security assessment of IoT devices and infrastructure found in businesses from OpenDNS. Using data from the billions of Internet requests routed through OpenDNS’s global network daily, the report details the scale to which IoT devices are in enterprise environments and uncovers specific security risks associated with those devices. 

The report, authored by OpenDNS director of security research Andrew Hay, includes:

  • IoT devices are actively penetrating some of the world’s most regulated industries including healthcare, energy infrastructure, government, financial services, and retail.
  • There are three principal risks IoT devices present to the enterprise: IoT devices introduce new avenues for potential remote exploitation of enterprise networks; the infrastructure used to enable IoT devices is beyond the user and IT’s control; and IT’s often casual approach to IoT device management can leave devices unmonitored and unpatched.
  • Some networks hosting IoT data are susceptible to highly-publicized and patchable vulnerabilities such as FREAK and Heartbleed.
  • Highly prominent technology vendors are operating their IoT platforms in known “bad Internet neighborhoods,” which places their users at risk.
  • Consumer devices such as Dropcam Internet video cameras, Fitbit wearable fitness devices, Western Digital “My Cloud” storage devices, various connected medical devices, and Samsung Smart TVs continuously beacon out to servers in the U.S., Asia, and Europe—even when not in use.
  • Though traditionally thought of as local storage devices, Western Digital cloud-enabled hard drives are now some of the most prevalent IoT endpoints observed. These devices are actively transferring data to insecure cloud servers.
  • A survey of more than 500 IT and security professionals found 23% of respondents have no mitigating controls in place to prevent someone from connecting unauthorized devices to their company’s networks.

“This report shows conclusively that IoT devices are making their way into our corporate networks, but are not up to the same security standards to which we hold enterprise endpoints or infrastructure,” Hay said. “Our hope is that by using this report, security professionals and researchers can better understand the security implications of the IoT devices in their own environments.”

Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource. Edited by Joy Chang, Digital Project Manager, CFE Media,

LEONARD , GA, United States, 08/26/15 08:21 AM:

Reminds me of the days when we had "back door" modems connected to our main frames to ease the jobs of repair techs and programmers who couldn't take the time to sign on a system securely.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Big Data and IIoT value; Monitoring Big Data; Robotics safety standards and programming; Learning about PID
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me