Did you miss a session from GamesBeat Summit 2022? All sessions are available to stream now. Watch now.
There are no shortages of attack vectors that cybercriminals can use to infiltrate an enterprise. From phishing and malware to routers and HVAC systems, security teams are already spread thin, and now they can add shadow IT to their list of security concerns.
Shadow IT is a broad term covering the use of systems, devices, software, applications, and services without the knowledge or approval of IT departments. Of particular concern are mobile and IoT devices being brought into an office, facility or campus. Many of these devices contain radio frequency (RF) vulnerabilities that can be exploited from outside the facility.
Dangers and threats of shadow IT
There was a well-publicized incident last year at the U.S. embassy in Uganda when employees had their iPhones hacked — most likely due to a zero-click attack — and brought them into the building. With the iPhones compromised, bad actors had open access to the embassy and were potentially able to listen in on numerous conversations, some of which may have been confidential.
And it’s not just smartphones. IoT devices are vulnerable to attacks. Smartwatches are also at risk of being hacked. A hacked smartwatch can potentially allow cybercriminals to access sensitive data, track location and even listen in on conversations.
These are just some of the ways that cybercriminals are using mobile and IoT devices for nefarious purposes. These incidents shine a spotlight on the potential threats that mobile and IoT devices present, enterprise security teams are struggling to find a solution. With IBM reporting the average cost of a data breach rising to $4.24 million in 2021, a single breach could have a detrimental effect on a company.
Improved security: Spotting suspicious devices lurking in the shadows
Simply banning mobile and IoT devices from entering a whole facility is easier said than done. Many employees use their devices for work-related purposes. Bring Your Own Device (BYOD), for all its benefits, also presents multiple security concerns including potential breaches, network intrusions and data loss. Implementing an approved device-only policy is hard to enforce as many security teams lack the visibility to identify devices entering the sensitive parts of facilities. An honor system is problematic as well, employees interpret the “no devices” policy. Examples we see all the time:
- “It’s ok, I’m not answering it.”
- “I turned my cell phone off.”
- “This Bluetooth device can only connect to my cell phone and I left the phone in the car.”
- “I saw that Sam had a Fitbit so I figured Fitbits were an exception.”
It doesn’t take a rogue employee to violate policy, just a forgetful one or one who thinks their situation is a special exemption because their intent is benign. Nonetheless, when the device comes in, it may be controlled by a bad actor who is not the employee carrying it.
To protect their facilities and ensure higher security, it is imperative for security professionals to implement solutions that deliver the visibility to detect and locate all of the authorized and unauthorized RF devices operating on Cellular, Wi-Fi, ZigBee, Bluetooth, Bluetooth Low Energy (BLE) and other RF protocols.
Benefits of geofencing
Geofencing is the security practice of marking off particularly sensitive areas of a facility and applying more rigorous policy enforcement. With geofencing, security teams can understand and have complete visibility of where these devices are and also create a boundary to limit where they are allowed to be within a building or campus. Additionally, geofencing capabilities can alert security teams in real time about potential RF violations or threats within their protected area.
With this knowledge and the innovative solutions now available on the market, a security team can have automated protocols in place to deter a potential attack. For example, an RF geofence violation detection can trigger an integration to your corporate network’s access control. So, entering a secure area with a connected device will automatically trip a disconnection from the area.
By increasing their RF situational awareness, boosting visibility and implementing a geofencing solution into their existing security posture, security teams can eliminate devices hiding in the shadows by protecting their companies from becoming another victim of an RF cyberattack.
Chris Risley is CEO at Bastille Networks.