Bring Your Own Device (BYOD) is pretty much commonplace these days. Employees have smartphones, smart watches, and fitness trackers. Smart TV’s are added to boardrooms and lounges. Security cameras are installed. HVAC controls are connected. All of these things are part of a growing family of devices called Internet of Things (IoT) and they pose a huge risk to company networks if security is not carefully considered.
Because most of these devices are quick-to-market, internal security doesn’t get full attention. And once some of these items are deployed, they are forgotten about and seldom get updated when new internal software or firmware updates come out. Just recently (October 2016), there was a massive Distributed Denial of Service (DDoS) sustained cyber attack against Dyn, a US Internet Service Provider (ISP), that brought down Amazon, Twitter, Spotify and others. The attack shut down dependent services like Netflix, and Reddit, and made media outlets like CNN, HBO, People, and payment gateway PayPal difficult to reach.
While DDoS attacks have been happening for a while, the scale of this attack showed the disruptive capabilities of BotNets (the network of ‘slave’ devices that are used to continuously pound on a website or service, denying access to others) has grown exponentially with the increase of insecure IoT devices attached to internet-connected networks.
If hackers can turn these connected devices into ‘slaves’ to run a DDoS attack, they could just as easily focus their malicious intent inside of the network, gain access to trusted devices and accounts, and extract confidential data, payment information, banking credentials and other information. But, to play devil’s advocate, there is value in the devices being connected – that’s why they were designed after all.
The question is “How can these devices be safely allowed on a network?” The answer requires thought, information, and planning – all of which I will be happy to do with you.
If you’re considering allowing BYOD devices on your network, we should talk. If you’re already allowing BYOD devices on your network, we should definitely talk.