There is no shortage of attack vectors that cybercriminals can exploit to get into an organization. From phishing and malware to routers and HVAC systems, security teams are already stretched thin, and now they can add shadow IT to their list.
Shadow IT is a broad term that covers the use of systems, devices, software, applications, and services without the knowledge or approval of IT departments. Among the most important considerations are mobile and IoT devices being carried into an office, facility, or campus. Many of these devices have radio frequency (RF) weaknesses that can be exploited from outside the facility.
Dangers and threats of shadow IT
Last year at the U.S. Embassy in Uganda, employees had their iPhones hacked, most likely through a zero-click attack. Bad actors had open access to the embassy and were potentially able to respond to many conversations, some of which may have been confidential.
The iPhone, and smartphones generally, are not the only concern. IoT devices are susceptible to attack. Smartwatches are also in danger of being hacked. A hacked smartwatch can potentially allow cybercriminals to access sensitive information, track location, and even listen in on conversations.
These are just a few examples of cybercriminals attempting to exploit mobile and IoT devices for malicious purposes. These incidents highlight the potential risks that mobile and IoT devices may pose. Businesses are grappling with the possibility of a data breach, which is expected to cost $4.24 million in 2021.
Spotting suspicious gadgets lurking in the shadows is a key feature in improved security.
It's easy to say that mobile and IoT devices are prohibited from entering a specific facility, but many security teams lack the visibility to identify devices entering sensitive parts of facilities. Many employees use their own devices for work, but bring your own device (BYOD), for all its benefits, also raises several security concerns, including network intrusions and data loss. Even when implementing an approved-device-only policy, many security teams lack the capability to identify devices. Employees are often unaware of the no-devices policy. Examples we see often:
- It's OK, I'm not answering it.
- I turned my cell phone off.
- This Bluetooth device can only connect to my cell phone and I left the phone in the car.
- I saw that Sam had a Fitbit so I figured Fitbits were an exception.
It doesn't take a rogue employee to violate policy, just a forgetful one or one who believes their situation is a special exemption because their intention is benign. Nevertheless, once the device comes in, it may be controlled by a bad actor who is not the employee carrying it.
Security professionals must implement solutions that provide the visibility to detect and locate all of the approved and unauthorized RF devices operating on Cellular, Wi-Fi, ZigBee, Bluetooth, Bluetooth Low Energy (BLE) and other RF protocols.
Benefits of geofencing
Security teams can understand where these devices are, and also set limits on where they are permitted to be within a building or campus. Moreover, geofencing capabilities can alert security teams in real time about potential RF violations or threats within their protected area.
Based on this knowledge and the innovative solutions currently available on the market, a security team can put automated procedures in place to prevent a potential attack. An RF geofence violation detection might trigger an integration with your corporate network access control. So, entering a secure area with a connected device will automatically disconnect that device from the network.
By increasing their RF situational awareness, increasing visibility, and adding a geofencing solution to their existing security posture, security teams may eliminate devices hiding in the shadows and protect their employees from becoming another victim of an RF cyberattack.
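The geofence check and automated response described above, as an added example (not code from the article or from any vendor product). The floor-plan coordinates, device identifiers, approved list, and action names are constructed, and it assumes the RF sensor system already reports an (x, y) position in metres for each sighting.

```python
from dataclasses import dataclass

# Constructed L-shaped secure area, in metres on the floor plan (assumption).
SECURE_AREA = [(0, 0), (20, 0), (20, 10), (10, 10), (10, 15), (0, 15)]
APPROVED = {"badge-reader-01"}  # hypothetical approved-device list

@dataclass(frozen=True)
class Sighting:
    device_id: str  # identifier reported by the sensor system
    protocol: str   # "wifi", "ble", "zigbee", "cellular", ...
    x: float
    y: float

def inside(poly, x, y):
    """Ray-casting point-in-polygon test; handles non-convex fences."""
    hit = False
    for (x1, y1), (x2, y2) in zip(poly, poly[1:] + poly[:1]):
        # Only edges that straddle the horizontal line through y can be crossed.
        if (y1 > y) != (y2 > y) and x < x1 + (y - y1) * (x2 - x1) / (y2 - y1):
            hit = not hit
    return hit

def evaluate(sightings, fence=SECURE_AREA, approved=APPROVED):
    """Return {device_id: action} for unapproved devices seen inside the fence."""
    actions = {}
    for s in sightings:
        if s.device_id in approved or not inside(fence, s.x, s.y):
            continue
        # Assumption: only Wi-Fi clients sit on the corporate network, so only
        # they can be disconnected through NAC; other radios raise an alert.
        action = "nac_disconnect" if s.protocol == "wifi" else "alert"
        if actions.get(s.device_id) != "nac_disconnect":
            actions[s.device_id] = action  # one action per device, never downgraded
    return actions

# Constructed sample sightings.
SIGHTINGS = [
    Sighting("aa:bb:cc:00:00:01", "wifi", 5, 5),     # inside, unapproved
    Sighting("fitbit-7f", "ble", 12, 12),            # in the notch: outside
    Sighting("fitbit-7f", "ble", 5, 12),             # moved inside
    Sighting("badge-reader-01", "zigbee", 2, 2),     # inside but approved
    Sighting("aa:bb:cc:00:00:01", "wifi", 6, 5),     # repeat sighting
    Sighting("phone-cell-1", "cellular", 30, 5),     # outside the fence
]

if __name__ == "__main__":
    for device, action in evaluate(SIGHTINGS).items():
        print(device, action)
```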
Chris Risley is the CEO of Bastille Networks.