Businesses around the world are being transformed by the Internet of Things (IoT). After all, smart devices and systems can enhance staff productively, cut costs and refine business processes, driving new revenue and allowing firms to get closer to their customers.
However, in the race for technological advancement, organisations risk exposing themselves to huge cybersecurity threats. The threats become even more serious when individuals or teams purchase and connect new IoT endpoints to the corporate network without informing the IT department, and this is known as Shadow IT.
Fortunately, the channel can provide a solution to this with expert guidance, advice and the necessary tools, so that IT leaders can gain visibility and control over the smart end points on their network.
IoT on the rise
IoT will continue growing at a rapid pace. Last year, Gartner claimed that there were 8.4 billion connected things operating in the world and this figure is expected to rise to over 20.4bn by 2020. Over 7.4bn of these devices are categorised as “business devices”. Hence, a new take on the old problem of shadow IT is presented: unsecured devices will expand the corporate industry threat landscape without any oversight from the IT department.
Firms under attack
IoT that is left unprotected could be compromised to allow “stepping stone” access to corporate networks, leading to data-stealing. Furthermore, botnets are now also being used to launch DDoS attacks, crypto-mining, click fraud and more. Theoretically, IoT endpoints could be targeted by sabotage to disrupt business processes and potentially be compromised to spy on staff.
The impact, as well as financial and reputational damage, here is huge, and there is now the added pressure of potential regulatory fines under GDPR and the NIS Directive applying to infrastructure industries.
Under the radar
One problem with shadow IoT is that responsibility in an organisation for new smart systems is unclear. They are grouped between IT and OT and therefore have the potential to be completely ignored by both parties. Trend Micro research reveals that 33% of organisations do not know who holds responsibility for IoT Security, whilst 37% said they are involved in security teams that choose IIoT kits.
If OT managers are responsible, their approach to security will be different from the IT counterparts, leading to a reluctance to take systems offline to apply vital patches.
Channel to the rescue
Channel players have a great opportunity to step up and be the trusted advisors here. Gaps in customer organisations can result in bad security practices, lacking regular patch updates, default passwords running on products and no network segmentation. Thus, channel partners can offer vital advice to improve cyber security hygiene in this area.
Pen testing services, like locating security issues in smart endpoints, can be offered to help brighten up the darkest parts of shadow IT. Once organisations have started to follow basic best practices, there is a chance to sell a layered security message to keep IoT systems best protected from advanced threats. Elements including IPS, firewalls, UTM, identity and access management should be aims for channel resellers.
Tech Data does not have all the answers, but there is a chance to add value and create closer and longer-lasting relationships with your customers as the competition to digitally transform grows.