- Nearly half of IoT-IT connections come from vulnerable or misconfigured high-risk devices
- Flat networks allow threats to spread easily between IoT and IT systems
- Protection requires segmentation, Zero Trust, visibility and endpoint monitoring
Nearly half of all network connections (48.2%) from Internet of Things (IoT) devices to internal computing devices come from high-risk IoT equipment, and another 4% come from critical-risk components, experts warned.
A new paper published by Palo Alto Networks, based on telemetry from 27 million devices, indicates that nearly half of all these connections involve devices that either carry exploitable vulnerabilities or are misconfigured, and are therefore dangerous.
In addition to unpatched vulnerabilities, these high-risk systems have weak configurations or insecure protocols, which can create a broad and persistent attack surface and open direct pathways for threats to spread from compromised IoT endpoints to core business systems.
How to stay safe
A single exploited IoT device could enable lateral movement within a network, leading to data theft, business disruption, or major financial loss.
The number one risk factor cited is the lack of network segmentation. Most businesses operate a “flat” network, where IT and IoT devices coexist without isolation.
This means that once a malicious actor enters the network, they can easily move from one device to another, expanding their reach and causing even more damage.
There are a number of steps that businesses, including small and medium-sized enterprises (SMEs), can take to protect themselves against these risks.
First, they must enforce strict network segmentation between IoT and IT systems, to isolate high-risk or unmanaged devices from critical infrastructure.
Next, they must implement a Zero Trust architecture, enforcing least privilege, continuous device verification, and context-aware access controls.
They must also ensure they have complete visibility into devices, including unmanaged and BYOD assets, and regularly apply vulnerability and firmware patches.
Finally, organizations should deploy comprehensive endpoint protection (EDR/XDR) on all managed IT assets and develop alternative monitoring for IoT endpoints that cannot run agents.
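One way to check whether segmentation between IoT and IT actually holds is to audit flow records for IoT-to-IT connections that fall outside an explicit allowlist. This is an added example, not taken from the Palo Alto Networks paper or the article; the subnets, the allowlist and the sample flow records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed address plan (hypothetical): one IoT segment, one IT segment.
IOT_NET = ipaddress.ip_network("10.20.0.0/16")
IT_NET = ipaddress.ip_network("10.10.0.0/16")

# Assumed policy: the only IoT -> IT flows permitted, as (dst IP, protocol, dst port).
ALLOWED = {
    ("10.10.5.10", "udp", 123),   # NTP server
    ("10.10.5.20", "tcp", 8883),  # MQTT-over-TLS broker
}

# Constructed sample flow records: src,dst,proto,dport
SAMPLE_FLOWS = """\
10.20.1.15,10.10.5.10,udp,123
10.20.1.15,10.10.5.20,tcp,8883
10.20.3.7,10.10.8.44,tcp,445
10.20.3.7,10.10.8.45,tcp,445
10.20.3.7,10.10.8.44,tcp,3389
10.10.8.44,10.20.3.7,tcp,80
10.20.9.2,203.0.113.9,tcp,443
not,a,valid,line
"""

def audit_flows(text):
    """Return (violations, skipped): IoT->IT flows that are not on the allowlist."""
    violations, skipped = [], 0
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            proto, dport = parts[2].lower(), int(parts[3])
        except (ValueError, IndexError):
            skipped += 1  # malformed record: count it rather than silently drop it
            continue
        if src in IOT_NET and dst in IT_NET and (str(dst), proto, dport) not in ALLOWED:
            violations.append((str(src), str(dst), proto, dport))
    return violations, skipped

def noisiest_sources(violations):
    """Rank IoT sources by distinct IT hosts reached; high fan-out suggests a flat network."""
    pairs = {(v[0], v[1]) for v in violations}
    return Counter(src for src, _ in pairs).most_common()

if __name__ == "__main__":
    bad, skipped = audit_flows(SAMPLE_FLOWS)
    print(bad, noisiest_sources(bad), "skipped:", skipped)
```

Any violation reported here is a path that segmentation rules should be blocking; the fan-out ranking points at the IoT devices to isolate or investigate first.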




