SAN FRANCISCO--(BUSINESS WIRE)--OpenDNS, a leading provider of cloud-delivered security, today announced on its corporate blog, that it has released The 2015 Internet of Things in the Enterprise Report, a worldwide data-driven security assessment of Internet of Things (IoT) devices and infrastructure found in businesses. Using anonymized data from the billions of Internet requests routed through OpenDNS’s global network daily, the report details the scale to which IoT devices are present in enterprise environments and uncovers specific security risks associated with those devices. Key findings indicate IoT devices are prevalent in highly regulated industries, and infrastructure supporting those devices are vulnerable to well-known and patchable security flaws.
Authored by Director of Security Research Andrew Hay and other members of the OpenDNS Security Labs team, the report includes the following notable findings:
- IoT devices are actively penetrating some of the world’s most regulated industries including healthcare, energy infrastructure, government, financial services, and retail.
- There are three principal risks that IoT devices present to the enterprise: (1) IoT devices introduce new avenues for potential remote exploitation of enterprise networks; (2) the infrastructure used to enable IoT devices is beyond both the user and IT’s control; (3) and IT’s often casual approach to IoT device management can leave devices unmonitored and unpatched.
- Some networks hosting IoT data are susceptible to highly-publicized and patchable vulnerabilities such as FREAK and Heartbleed.
- Highly prominent technology vendors are operating their IoT platforms in known “bad Internet neighborhoods,” which places their own customers at risk.
- Consumer devices such as Dropcam Internet video cameras, Fitbit wearable fitness devices, Western Digital “My Cloud” storage devices, various connected medical devices, and Samsung Smart TVs continuously beacon out to servers in the US, Asia, and Europe–even when not in use.
- Though traditionally thought of as local storage devices, Western Digital cloud-enabled hard drives are now some of the most prevalent IoT endpoints observed. Having been ushered into highly-regulated enterprise environments, these devices are actively transferring data to insecure cloud servers.
- Finally, a survey of more than 500 IT and security professionals found that 23 percent of respondents have no mitigating controls in place to prevent someone from connecting unauthorized devices to their company’s networks.
The report also provides security professionals with recommendations for mitigating IoT-related risks found in their own networks.
“This report shows conclusively that IoT devices are making their way into our corporate networks, but are not up to the same security standards to which we hold enterprise endpoints or infrastructure,” Hay said. “Our hope is that by using this report, security professionals and researchers can better understand the security implications of the IoT devices in their own environments.”
IoT Assessment Tool Available for Security Professionals
In conjunction with the research findings, OpenDNS has also released an update to its Cloud Services Report feature that can now detect IoT-related traffic on enterprise networks. The traffic detection tool allows security professionals to discover whether employees are using cloud services that are sanctioned by a company’s IT department or other, unapproved services. It is available to all OpenDNS Umbrella Insights and Platform customers as part of their normal subscription packages.
To sign-up for a free trial of OpenDNS Umbrella Insights and find out what IoT devices are present on your network, visit: https://signup.opendns.com/freetrial/.
To learn more about OpenDNS’s Cloud Services Report feature, visit: https://www.opendns.com/enterprise-security/solutions/cloud-services-report/.
To download the The 2015 Internet of Things in the Enterprise Report, visit: https://www.opendns.com/iot
To read the blog post announcing the report, please visit the OpenDNS Company blog: https://blog.opendns.com/2015/06/02/opendns-enterprise-iot-security-report/
OpenDNS is a leading provider of network security and DNS services, enabling the world to connect to the Internet with confidence on any device, anywhere, anytime. The Umbrella cloud-delivered network security service blocks advanced attacks, as well as malware, botnets and phishing threats regardless of port, protocol or application. Its predictive intelligence uses machine learning to automate protection against emergent threats before they can reach customers. OpenDNS protects all devices globally without hardware to install or software to maintain. For more information, please visit: www.opendns.com.