WFH staff cautioned when accessing company network; personal devices a possible gateway for corporate cyberattacks 

By Patricia Mirasol 

Work-from-home employees and information technology (IT) teams have a shared responsibility when it comes to securing their company’s network. 

A 2021 IoT security report by Palo Alto Networks, a multinational cybersecurity company, found an increase in non-business devices connected to corporate networks in the last year. When compromised, personal IoT (internet of things) devices like game consoles, heart rate monitors, and smart lightbulbs could be used to laterally access work devices — if both use the same home router — which in turn could allow attackers to move onto corporate systems. 

“Remote workers need to be aware of personal home devices that may connect to corporate networks via their home router,” said Vicky Ray, principal researcher of Unit 42 at Palo Alto Networks, in a press statement. “Enterprises need to better monitor threats and access to networks… to safeguard remote employees and the organization’s most valuable assets.” 

Only half (51%) of the surveyed IT decision-makers with IoT devices connected to their organization’s network said these were segmented on a separate network from the one used for business applications. Another quarter (26%) of the respondents implemented micro-segmentation within security zones, a practice which separates IoT devices from IT devices and prevents hackers from moving laterally on a network. 

The attack worrying leaders the most (55%), revealed the 2021 report, involve the Industrial Internet of Things (IIoT). IIoT enables “dumb” items to become “smart” by equipping these with data-gathering sensors to help further business opportunities. The weaponization and hijacking of security cameras was also reported as a concern (46%). 

BEST PRACTICES
Among the IoT security tips Palo Alto Networks recommended for enterprises are: 

1. Know the unknowns — Get complete visibility into all IoT devices connected to the enterprise. This helps collect an up-to-date inventory of all IoT assets. 

2. Conduct continuous monitoring — Implement a real-time monitoring solution that continuously analyzes the behavior of all network-connected IoT devices, to segment the network between IT and IoT devices. 

3. Implement “zero trust” — Zero trust is an approach to security that relies on continuously verifying the trustworthiness of every device, user, and application in an enterprise. An IoT security strategy that aligns with zero trust is advisable to enforce policies for least-privileged access control. 

ACTIVE PLAYER
During his address at the SEIPI Annual General Membership Meeting on May 31, Trade Secretary Ramon M. Lopez said the Philippines is expected to become an active player in the global IoT space. 

“Global trends suggest that software is now being increasingly bundled with hardware products and gaining a larger share in the IoT value chain. With this, the strong software development competency of the similarly export-oriented Philippine IT-BPM industry can be a good source of technology, talent, and knowledge through linkages and value co-creation,” Mr. Lopez said. 

There will be 29.3 billion networked devices worldwide by 2023, up from 18.4 billion in 2018, according to Cisco, an American technology company. Its March 2020 white paper also predicted that connected home applications will have nearly half (48%) of the IoT market share by 2023.