Shining a light on shadow IoT devices


For enterprises to hit their next milestone, they need to innovate at speed and at scale. As demand rises for remote working, so does the demand for flexible enterprise technology systems to enable improved accessibility for workers and branch offices. To maintain a dynamic remote working environment, it is also imperative to consider the importance of branch and remote security, but are businesses prioritizing the right cybersecurity measures?

About the author

Malcolm Murphy, Technical Director, EMEA at Infoblox.

As the use of devices continues to grow, so too does the risk of security threats targeting businesses. According to a recent report from Infoblox, a third (33%) of UK businesses believe there are around 1,000 non-business related IoT devices - otherwise known as ‘shadow IoT devices’ - connected to their enterprise networks. Shadow IoT devices can be defined as IoT devices or sensors in active use within an organisation without the IT department’s knowledge, and they are becoming a major concern for corporate network security professionals. 

Once connected to the network, shadow IoT devices can open the door for cyber attacks that can wreak havoc on a business’s IT system. Businesses need to evaluate the principles of their security network architecture in order to prevent data breaches and attacks conducted through shadow IoT devices. It is imperative to build the right IT infrastructure from the outset, as this will help to address visibility, reliability and management challenges across the network further down the line.

Flexible working places a strain on network security

According to a 2019 survey on remote-working statistics, almost three quarters (73%) of people in the UK consider flexible working the new normal, and, as the number of people working remotely continues to rise in the UK, so does the number of connected devices. Research from Strategy Analyst has predicted that almost 40 billion devices will be connected to the internet by 2025, rising to 50 billion by 2030.

While the IoT has introduced greater accessibility and speed, it has also led to increasing concern surrounding the associated risks from shadow IoT devices. In fact, a staggering 88% of UK businesses said that they are concerned about the risk of vulnerabilities that their organisation is exposed to thanks to shadow IoT devices. On an average day, UK businesses reported 30,000 non-business provisioned IoT devices connecting to their network. These unauthorized connections highlight the scale of the challenge businesses face.

Almost 48% of enterprises believe they have between 1,000 and 5,000 personal IoT devices connected to the network at any one time. Perhaps the biggest concern here is that IT teams are not detecting them in a timely manner, opening up enterprise networks to significant risks of malware and other types of cyberattacks. For example, in 2019 a large-scale botnet attack targeted an online streaming application by using more than 400,000 IoT-connected devices over 13 days. So, with billions of new connected devices slated to appear over the next few years, where do we go from here?

Why security teams should prioritize remote and branch office networks

Although there is clearly some way left to go, 89% of organisations said that they employ a security policy for personal IoT devices on their network. As enterprises continue to expand into branch offices and leverage SaaS and cloud-based applications, they must implement defenses and evolving DDI (DNS, DHCP and IP address management) infrastructures to provide an optimal end-user experience to devices on the network edge. According to the National Cyber Security Centre (NCSC), devices that can access more sensitive information or services, including personal data, should be prioritized.

To combat network-centric cyber-attacks, almost three quarters (72%) of organisations worldwide said that they are planning to deploy cloud-based security functions on their on-premises devices over the next three years. These cloud-based functions can include services such as Cloud Access Security Broker (CASB), User and Entity Behaviour Analytics (UEBA), Next-Generation Firewall (NGFW) and Deep Packet Inspection (DPI) and will be key in giving staff an overview of their network’s architecture to address visibility, reliability and management challenges. Installing these network security solutions can help organisations successfully mitigate untrusted zones and also offer many benefits, such as lowering costs.

In addition to these cloud-based functions, businesses must invest in secured DNS in order to address the many ways that malware exploits DNS to extract data and spread. When secured, DNS can act as a first line of defense by providing essential alerting and visibility to IT admins, helping resolve security incidents faster by identifying and blocking malicious activity.

Striking the balance between the team and the technology

According to the IFSEC Global Cyber Security Breaches Report 2020, 46% of UK businesses reported having cyber-attacks or breaches in the last 12 months. IT Managers need to stop and consider the wider needs of the business and how identification is improving for cybercriminals. 

Increasing the number of skilled staff will help prevent the many shadow IoT devices from connecting to the network and enforce stricter controls for new devices joining the network. Indeed, when it comes to network security, one of the top concerns for 28% of UK IT professionals is the lack of skilled staff. We won’t solve the problem with technology alone; it is key for training to be prioritized for the wider team as well.

With effective policies and guidelines in place, personal connected devices should not hinder a business’s ability to manage its networks safely and effectively. Through the combination of cloud-based security services, secured DNS and security training, network and security professionals will be able to actively manage the threats and reduce the risk of attacks presented by shadow IoT devices.

Malcolm Murphy

Malcolm Murphy is the Technical Director, EMEA at Infoblox. In a career spanning more than 20 years, Dr Malcolm Murphy has witnessed first-hand the evolution of the Internet from academic collaboration tool to the must-have utility we all take for granted today. He started his career building network and security infrastructure for one of the UK’s largest ISPs, before subsequently working for a number of networking and security technology companies. 

