The Internet of Things... otherwise known as ‘the interconnection that’s generated via computing devices embedded in everyday objects, enabling them to send and receive data’.
Although we may not realize it, our organizations are home to a range of powerful IoT devices. It would be easy for some of these devices to fly under the radar, with organizations failing to recognize them as a potential risk to information security.
However, modern multifunction devices (MFDs) provide print, copy, scan, send and fax functionality. They have hard drive storage and provide a number of networked services – they’re computer servers in their own right.
This means that some are vulnerable to the same threats as computers and other networked devices.
So – are you protected?
The greatest threat is data infiltration. In fact, 86% of organizations surveyed by the Australian Cyber Security Centre in 2016 say they have experienced attempts to compromise the confidentiality and integrity of their systems. And according to the Global Economic Crime Survey, that same year 32% of companies were victims of cybercrime.
Data and document security is a top priority for global organizations. However while the resources they’re investing in information security is increasing, there are some common gaps driven by the IoT that are being overlooked.
IoT Security considerations – the office
We work in a connected office environment. Unless appropriately managed, our office equipment can present as the most critical weak spot in enterprise security. For this reason, MFDs and other devices are seen as some of the easiest targets.
These devices need to be introduced into your organization infrastructure as part of a wider security strategy aimed at protecting the confidentiality, integrity, and availability of your networked systems. This can be achieved via a virtual private network using Canon secure network print and scan software. This will isolate office equipment, and their print and scan functions, from the general office network, reducing the risk of hacking.
BYOD policies also need to be considered. A large number of organizations remain relaxed about employees bringing their own device to work. However, this significantly increases their security risks. In fact, according to Skycure, 21% of organizations have traced a data breach to their own BYOD programme.
Why? These devices are a gateway to a range of productivity tools, resources and opportunities for social interaction. Yes, a flexible workforce powered by mobility brings greater efficiency and productivity. But it also means that information is spread outside of the ‘traditional’ office environment, opening networks up to phishing scams or password compromises.
Is the threat always external?
Unfortunately, no. With more and more confidential data moving through organizations, and an expanding ecosystem of Internet-connected infrastructure, people, processes and devices, there come additional attack paths for would-be hackers. Organizations then pivot, adopting more effective strategies to defeat malware.
Attackers need to shift their approach. Using legitimate credentials and software to operate as ‘physical insiders’, we’re seeing them exploit security weaknesses in digital devices, such as printers. This enables them to access areas that contain sensitive information, such as old printer logs.
These security flaws may be used as their initial gateway. Once a hacker has established a foothold in a networked device, they can move laterally throughout the organization to gather further data.
The IoT brings with it many positives, including flexibility, mobility, and expedience. But if you think it presents a greater threat than benefit to your organizational security, now is the time to assess the risks associated with your connected office environment and act.