Security trends come and go, but one threat stubbornly persistent in the last months of 2016 has been DDoS botnets powered by devices infected with the Mirai malware. The latest outbreak has seen a new variant hijack the routers of Post Office, TalkTalk and Deutsche Telekom customers. These will eventually get patched, but the message is clear: consumer-grade IoT technology can be worryingly exposed to malicious third parties. That should set alarm bells ringing in the CIO’s office as staff come back to work after the Christmas break brandishing the latest smart devices.
Heading into 2017, IT leaders need to urgently broaden their endpoint security strategies to include this new category of devices, because just one insecure endpoint could spell disaster. The service desk is the ideal place to lead these efforts.
The future of threats?
Mirai might mean future in Japanese, but IT bosses will certainly be hoping this isn’t the start of a long-term trend. Yet the threat from smart devices will only grow as they become a commonplace sight in the enterprise. Analyst IDC has predicted the number of IoT devices installed globally will reach 22 billion by 2018. However, it has also warned that by the same year, two-thirds of enterprises will suffer IoT-related breaches.
It’s not hard to see how. Mirai was able to compromise internet-connected cameras, DVRs, home routers and the like simply by scanning for those still protected by factory default or hard-coded log-ins. That kind of security oversight is common when it comes to IoT products and makes it child’s play to compromise an endpoint and gain a foothold in a targeted organisation. From there, an attacker could pivot to high-value customer databases or repositories of lucrative trade secrets, or even spread ransomware throughout the organisation.
According to a 2016 SANS Institute study, 44% of organisations admitted one or more of their endpoints had been compromised in the past 24 months. And more endpoints equal more risk – especially with the volume of malware out there. Some firms claim to have blocked in excess of 320,000 threats each day in 2016. The result can be serious service outages, damaged reputation, industry fines, legal costs and more. The average cost of a data breach in 2016 was $4 million. That figure could rise a lot higher with the forthcoming European General Data Protection Regulation (GDPR).
No-one is suggesting IT leaders try to ban consumer IoT devices outright. Just as with BYOD, such a retrograde step would neither be practical nor successful. Smart watches, head-mounted displays and other wearables can significantly enhance productivity, staff well-being and even help with employee retention. Try to block usage, and it will only go underground, creating even more dangerous shadow IT risk.
Time to get serious
Instead, IT leaders need to put more faith in the service desk. Operating on the IT frontline, this function is in a great position to coordinate endpoint visibility and control efforts, but only if it has the right unified set of automated tools at its disposal. These should be able to discover all devices connecting to the network and then enforce policy – for example, controlling access to corporate resources and automatically applying role-based configurations.
Effective patch management is a vital element which can eliminate most known threats, and here it’s important to find a provider which can support a wide range of device and system types. Combine that with application whitelisting to combat zero-day threats, and encryption to ensure data is kept safe no matter where it ends up. Traditional tools like AV and firewalls are, of course, still important, but mainly to mop up commodity threats.
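To make the two preceding points concrete (discover every device joining the network, then enforce a role-based policy that also takes patch status into account), here is an added illustration that is not part of the original article and does not describe any specific vendor's product. It reads a few constructed DHCP lease log lines, identifies the vendor from the MAC OUI, looks the device up in a constructed asset inventory, and decides whether the device gets its inventory role or is placed in quarantine. The OUI prefixes, MAC addresses, role names, firmware versions and log lines are all made up for the example.

```python
"""Added example (not from the original article): a small endpoint-discovery
and policy-enforcement pass of the kind a service desk tool might automate.

Unknown devices are quarantined, known devices whose firmware is below the
approved minimum for their role are quarantined, and everything else gets the
role recorded in the inventory. All data below is constructed."""

import re
from dataclasses import dataclass

# Constructed OUI -> vendor map (placeholder prefixes, not real OUIs).
OUI_VENDORS = {
    "00:11:22": "ExampleCam",     # hypothetical IP-camera vendor
    "aa:bb:cc": "ExampleRouter",  # hypothetical home-router vendor
    "de:ad:be": "CorpLaptops",    # hypothetical managed-laptop vendor
}


@dataclass
class Asset:
    role: str      # network role / configuration profile to apply
    firmware: str  # firmware version last reported by the patch tool


# Constructed asset inventory keyed by MAC address.
INVENTORY = {
    "00:11:22:33:44:55": Asset(role="iot-camera", firmware="1.2.3"),
    "aa:bb:cc:00:00:01": Asset(role="branch-router", firmware="2.0.0"),
    "de:ad:be:ef:00:01": Asset(role="corp-user", firmware="10.5"),
}

# Minimum approved firmware per role (constructed policy).
MIN_FIRMWARE = {"iot-camera": "1.3.0", "branch-router": "2.0.0", "corp-user": "10.4"}

# Matches the DHCPACK line format written by ISC dhcpd.
LEASE_RE = re.compile(r"DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-fA-F:]{17})")


def parse_version(version):
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def vendor_for(mac):
    """Look up the vendor from the first three octets of the MAC."""
    return OUI_VENDORS.get(mac[:8].lower(), "unknown")


def decide(mac):
    """Return (policy, reason) for one discovered device."""
    asset = INVENTORY.get(mac)
    if asset is None:
        return "quarantine", "not in inventory"
    minimum = MIN_FIRMWARE[asset.role]
    if parse_version(asset.firmware) < parse_version(minimum):
        return "quarantine", f"firmware {asset.firmware} below minimum {minimum}"
    return asset.role, "ok"


def process_leases(lines):
    """Discover devices from DHCP lease lines and apply policy to each."""
    decisions = {}
    for line in lines:
        match = LEASE_RE.search(line)
        if not match:
            continue  # not a lease acknowledgement; ignore
        mac = match.group("mac").lower()
        policy, reason = decide(mac)
        decisions[mac] = {
            "ip": match.group("ip"),
            "vendor": vendor_for(mac),
            "policy": policy,
            "reason": reason,
        }
    return decisions


# Constructed sample log lines, one of which is not a lease acknowledgement.
SAMPLE_LOG = [
    "Jan  3 08:12:01 dhcp dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0",
    "Jan  3 08:12:02 dhcp dhcpd: DHCPACK on 10.0.5.21 to 00:11:22:33:44:55 (cam-lobby) via eth0",
    "Jan  3 08:12:05 dhcp dhcpd: DHCPACK on 10.0.5.22 to aa:bb:cc:00:00:01 (branch-rtr) via eth0",
    "Jan  3 08:12:09 dhcp dhcpd: DHCPACK on 10.0.5.23 to DE:AD:BE:EF:00:01 (laptop-42) via eth0",
    "Jan  3 08:12:11 dhcp dhcpd: DHCPACK on 10.0.5.24 to 11:22:33:44:55:66 via eth0",
]

if __name__ == "__main__":
    for mac, info in process_leases(SAMPLE_LOG).items():
        print(f"{mac} {info['ip']:<10} {info['vendor']:<14} {info['policy']:<14} {info['reason']}")
```

The point of the structure is that discovery (parsing the lease log) and enforcement (the `decide` function) are separate steps feeding one record per device, which is what lets a service desk escalate the quarantined entries to the security team with the reason attached rather than just an IP address.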
Automation is your friend here. It will help stretched IT teams stay on top of threats as the proliferation of smart devices causes an explosion in endpoints. And IT leaders would also do well to encourage real-time collaboration between service and security teams. Your IT service desk is in the perfect place to spot and link incidents which may indicate a wider attack on the organisation. That intelligence needs to be escalated straight to security teams, just as they should pass on details of unpatched vulnerabilities that need remediating.