The COVID-19 pandemic has had a major impact on global corporate culture, especially remote working models. The growing trend of working from home (WFH) has also extended the risks and challenges in corporate information security.
Palo Alto Networks recently released its latest IoT Security Report, which surveys 1,900 IT decision makers around the world. According to the report, 78% of respondents reported an increase in the number of non-commercial IoT devices connected to corporate networks over the past year. In Taiwan, 98% of respondents said that using IoT devices during WFH caused an increase in security events on corporate networks.
The majority of decision makers surveyed believe that the protection of corporate IoT devices needs to be improved. Policymakers named threat protection and risk assessment as their top priorities, with 62% and 61% respectively. Additionally, 51% agree that when companies compile a list of IoT devices, they should provide context of use, such as who is using the device and how much traffic.
James Yu, country manager for Taiwan at Palo Alto Networks, pointed out that working remotely has resulted in many non-professional devices connecting to corporate networks. For example, when working from home, an employee may have smart wearable devices, smart bulbs, and pet feeders connected to their home network, as well as their company-provided laptop.
WFH has pushed the boundaries of corporate networks to the homes of employees, giving hackers more opportunities to launch security attacks through different network devices, such as home IoT devices. As a result, companies also need to change the way they manage their network security to ensure a secure network environment under rapidly changing business models.
Palo Alto Networks provided three steps to strengthen the security of WFH IoT devices. The first is that companies need to understand the unknown – that is, establish a comprehensive understanding of unexpected IoT devices, spot neglected devices, and make a comprehensive list of IoT devices.
The second step is to keep track of all the devices connected to the network. This allows businesses to disconnect old inactive devices, as well as regain remote management rights for devices that are no longer needed.
Finally, businesses should use micro-segmentation to protect IoT devices in secure areas that are strictly controlled by the business. This will prevent hackers from moving sideways on the network. Organizations should also implement a zero-trust architecture to reduce possible threats to information security by granting minimal login and access permissions.