Is it Becoming Easier for Cybercriminals to Access Company Data?
We are in the age of the ‘office of the future’, every company now battles it out to attract staff and clients by having the most fun office, with the newest gadgets and apps. This has seen countless consumer toys become ‘business critical equipment.’ But has our love for consumer technologies made this the easiest time for cybercriminals to hack businesses?
In a word, yes. At Infoblox we recently conducted a Shadow IoT research report, entitled ‘What is lurking in your network’, that found fitness trackers, smart TVs, virtual assistants and games consoles are increasingly becoming part of the office furniture. These devices open up a whole new myriad of ways cyber-criminals can access company data.
In the same report, it was found that over a third of companies in the US, UK and Germany (35 percent) reported more than 5,000 non-business devices connecting to their networks each day. This is essentially 5,000 non-business critical cybercrime risks.
What’s the issue?
These devices and consumer apps often make their way on to company’s networks without following the IT department’s guidelines. Nearly a quarter of employees from the US and UK that we surveyed did not know if their organisation had a security policy and out of those that did, 20 percent of UK respondents admitted rarely or never following it. And only one fifth of respondents in the US and UK said they followed it by the book.
This increases the potential for an attack. We have previously seen personal devices undergo numerous malware attacks, for instance in 2017 McAfee researchers identified 144 apps on the Google Play store that contained a new malware strain, Grabos. If this malware was downloaded on the company network it could lead to a data breach disaster.
How to avoid this but still give employees freedom?
One option to avoid these breaches is to block personal devices and using social media in the workplace. However, the fact is, employees, want to use their new gadgets and access apps in the office, and companies want to entice new staff by allowing them. Rather than restrict employees it is important to educate them on what is likely a phishing scam or a malware-riddled piece of software and help them become the first line of defence.
Businesses can also ensure they are avoiding major data breaches by having full visibility over what devices are on connected to their network. Using systems that identify all devices on the network at any given time, like an IP address management system, can provide real-time visibility of anything connected to the company network. They can also secure their network through DNS security solutions that will alert them of any new assets or devices that are joining the system so they can identify and block malicious activity quickly.
Get ahead of the cybercriminals
Personal devices and consumer apps aren’t going to go away from the workplace. In fact, each year a new device will be on trend and people will immediately want it on their desk. These will provide a whole new host of ways that make it much easier for cybercriminals to access company data. We are essentially making it easier for them each time we buy a new toy. But, the war is not lost. With the right solutions companies can get ahead of their staff and protect networks no matter what new gadgets are suddenly connected to them.