Rising number of shadow devices leaves networks vulnerable

Enterprise networks across the U.S., U.K. and Germany have thousands of shadow personal devices—such as laptops, mobile phones and Internet of Things devices—connecting to their network, according to a new report from security company Infoblox.

The study highlights the increased vulnerability resulting from having so many devices, with varying levels of security protection, connected to mission-critical networks.

For the report, Infoblox commissioned a survey of 1,000 IT directors across these countries and the UAE (300 each in the U.S., U.K. and Germany and 100 in the United Arab Emerates) in March and April. It also conducted a survey of 1,000 employees in the U.S. and U.K. (500 in each country) in March.

More than one third of the organizations (35 percent) reported more than 5,000 personal devices connecting to their networks each day. Employees in the U.S. and U.K. admitted to connecting to the enterprise network for a number of reasons, including to access social media (39 percent), as well as to download apps, games and films (24 percent, 13 percent and 7 percent, respectively).

Man-and-server.jpg
A technician uses a computer keyboard as he stands in the server hall of the data storage center at the headquarters of Rostelecom PJSC, the state telecommunications operator, in Moscow, Russia, on Tuesday, Dec. 29, 2015. Netflix Inc. signed agreement with Rostelecom to use its TV service starting in 2016. Photographer: Andrey Rudakov/Bloomberg

These practices open organizations up to social engineering hacks, phishing attacks and malware injection, the study said. One third of organizations in the study have more than 1,000 shadow IoT devices connected to their networks on a typical day.

The most common devices found on enterprise networks included fitness trackers (49 percent), digital assistants (47 percent), smart TVs (46 percent), smart kitchen devices (33 percent) and games consoles (30 percent). Such devices are easily discoverable by cyber criminals online via search engines for Internet-connected devices, the report noted.

To manage the security threat posed by shadow personal devices and IoT devices in the network, 82 percent of organizations have introduced a security policy for connected devices. However, while 88 percent of the IT leaders that responded to the survey say they believe that their security policy is either effective or very effective, nearly one quarter of employees from the U.S. and U.K. surveyed (24 percent) did not know if their organization had a security policy.

For reprint and licensing requests for this article, click here.