The truth of the matter is that when an attacker is willing to invest resources and time, any organisation can be breached.

That means it’s not a matter of “if”, but rather a matter of “when”.

Traditionally, information security teams had difficult, albeit straightforward jobs. They needed to understand their assets, know what they were connecting to, and separate them from the outside world.

That has since changed, though, and we can thank the many devices introduced into the workplace by employees, visitors, partners and other outsiders for that.

Basically, any device that can connect to a network, whether or not it has been built to be malicious, can cause disaster to both the data and networks IT Security is responsible for protecting.

In other words, The Internet of Things (IoT) – or, as NEWORDER calls it, The Internet of Evil Things®:

First, we need to define evil, by which we mean malicious or harmful, purposefully or not.

Many Information Security experts can’t see what is coming into the office. The problem is not just personal devices meant for personal use. Increasingly, individuals are purchasing work devices on the company dollar, intended to be used on business networks, for company purposes. These BYOD policies are being implemented to reduce costs and create happier employees, but the policies make security more difficult.

We also found many offices don’t have clear guidance on what devices can come into the office and how they should be configured.

It’s the devices that employees bring in and out of the office every day that also have the potential to cause serious harm to company data, and PWNIE Express’s 2017 survey showed that:

• Misconfigured healthcare, security, and IoT devices that will provide another route for ransomware and malware to cause harm and affect organisations.
• Unresolved vulnerabilities or the misconfiguration of popular connected devices, spurred by the security holes being publicised by botnets, including Mirai and newer, “improved” versions.
• Mobile phones are becoming an extra attack surface and another mode of rogue access points taking advantage of unencrypted Netgear, AT&T, and HPsetup wireless networks to launch man-in-the-middle attacks.

The only solution available in South Africa which will close the IoT security gap is from NEWORDER, who have teamed up with PWNIE, threat detection experts who have a service that identifies device threats before a company gets hacked.

Give them a call and see what else they can do to help you with your cybersecurity issues. You really don’t want to wait until after you have been hacked to do so.