Employee IoT devices increase cyber security risk

A new report into enterprise Internet of Things (IoT) has revealed that financial services firms are at risk of being hacked via the personal devices employees connect to business networks.

Palo Alto Networks interviewed 138 IT decision-makers in the financial services industry, finding that a variety of non-corporate, personal IoT devices are connecting to financial institution networks and surprising IT and cybersecurity managers across the sector.

The top five devices found on financial sector networks were: connected kitchen/coffee makers (39 per cent), connected personal medical devices like implanted heart monitors (37 per cent), connected gym equipment (33 per cent), games consoles (31 per cent) and smart toys and connected cars (both 22 per cent).

“Devices that employees innocently bring onto an organisation's network are often not built with security in mind and can be easy gateways to a company’s most important information and systems,” explained May Wang, senior engineer at Palo Alto Networks.

While more than a half of financial services respondents (53 per cent) said they do segment their networks, one in five banks, insurers and other financial institutions are not segmenting their IoT devices on a separate network from the one they use for primary devices and key business applications – like HR system, email server, finance system, etc.

Greg Day, chief security officer at Palo Alto Networks, commented: "Visibility really is key to both realising the business opportunity and understanding the risks of IoT – this is because most devices use proprietary methods, which are increasingly encrypted.

"With the influx of IoT, including the supply chain sub-dependencies that they add, organisations should not assume they are adequately secured,” he continued, adding: “There is a lack of standardisation in security controls and the value of IoT devices varies so wildly between a few to millions of pounds, so we can't expect the same investment in security controls when the IoT asset value varies so greatly.”

    Share Story:

Recent Stories


The Rise of Instant Payments
Instant payments are creating new business opportunities for banks by providing more touchpoints than ever. With these evolutions underway, Featurespace brought leading industry experts together to discuss how they are protecting customers from fraudsters in real time, utilizing innovative and disruptive solutions to reduce fraud. Click here to find out more.

Offloading Cyber Risk in the Cloud
As cyber attacks and data breaches are in the news on an increasingly regular basis - with regulatory penalties and customer trust on the line for financial services firms - it has never been more crucial to be compliant in the cloud.

This video, with Akamai’s EMEA director of security technology and strategy Richard Meeus, will help explain what your company can be doing to make sure it’s not embroiled in the next big fine or front-page scandal.