Security News > 2021 > October > Research finds consumer-grade IoT devices showing up... on corporate networks
Increasing numbers of "Non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models.
According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."
The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters of them reported an increase in non-business IoT devices connected to their org's networks.
Such devices are infamously poorly secured - but in the COVID-19 work-from-home era, such devices being adjacent to corporate networks presents a problem for blue teams.
"Remote workers need to be aware that IoT devices could be compromised and used to move laterally to access their work devices if they're both using the same home router, which in turn could allow attackers to move onto corporate systems," said Palo Alto.
Poor IoT device security stems mainly from manufacturers' desire to keep price points low, cutting security out as an unnecessary overhead. This approach inadvertently exposed large numbers of easily pwned devices to the wider internet - causing such a headache that governments around the world are now preparing to mandate better IoT security standards.