The Internet of Forgotten Things

How to stop IoFT devices from becoming attack vectors.

By James E. Gaskin

COMPANIES TODAY have lost track of millions of network-addressable devices, the so-called Internet of Forgotten Things (IoFT). With 27 billion IoT devices projected to be deployed by 2025, according to IoT Analytics, the IoFT will likely grow as well, potentially making businesses more vulnerable to cyberattacks. 

“These devices are everywhere,” says Sean Tufts, practice director in ICS and IoT security for Optiv, an infosec consultancy and integrator.

Securing newer IoT devices you know about is hard enough. Securing older ones long since fallen out of use is harder still. There are some ways to help your clients close these security gaps, however.

First, consider how we got here. Tufts says companies may install devices for a specific purpose and then forget that purpose. For example, he recently spotted a state lottery vending machine in an airport with both a cellular and an Ethernet network connection: two paths to the internet in a very sensitive area. He had high confidence, though, that the device was segmented and not a current threat to the airport. “What happens in 2032 when they do a large firewall or cloud migration?” Tufts asks. “This device could easily end up in the wrong location with the wrong connectivity.”

In addition, operational technology (OT) groups, particularly in manufacturing, sometimes install sensors and industrial controls that are outside of IT’s purview. These devices “serve narrow purposes, are largely unmanaged, and can be deployed for a decade or more,” says Bo Lane, vice president of global engineering at Kudelski Security, the cybersecurity division of the Kudelski Group, a global digital security and convergent media solutions company.

Given the numbers, says Lane, “it’s highly probable that organizations have connected devices or OT-type controls in place, unmanaged and ‘forgotten.’” Specific industries like manufacturing and critical infrastructure have more opportunities to “forget” devices than others, he adds, noting that they’re “heavily reliant on OT, and utilize connected devices at very remote sites.” This extends the problem to the far ends of the company and includes locations with few IT resources.

The problem is not exclusive to those industries, though, says Tufts. While a highly robust and monitored network will have fewer IoFT devices, he notes, “it’s not uncommon to find gaming systems and smart TVs where they shouldn’t be.” Users seem to think hiding devices from IT is a fun challenge, he adds, and the less aware the IT group, the more common the problem.

So how do you stop IoT devices from becoming IoFT devices? “Treat all devices like we do a corporate-issued PC,” Tufts advises, which means tagging, tracking, and monitoring them.

About the Author

JAMES E. GASKIN is a ChannelPro contributing editor and former reseller based in Dallas.
