Smart wearables posing new cybersecurity risks in Singapore
- Tech leaders in Singapore acknowledged the need to step up security to face IoT devices like smart wearables
Deploying Internet of Things (IoT) devices within the connected workplace environment can pose some unique challenges. Tech leaders in Singapore have pointed to the emerging threat of interconnected devices, including smart wearables, fitness equipment, and game consoles, potentially exposing corporate networks to hacks.
An overwhelming nine out of 10 organizations in the city-state reported a rise in the number of IoT devices connecting to their organizations’ networks in the past year, according to a study by Palo Alto Networks.
The report, tackling best practices for securing IoT, was based on the feedback of 1,350 IT business decision-makers in 14 countries across Asia, Europe, the Middle East, and North America. It found that companies with a high number of connected devices were more at risk of IoT cybersecurity threats.
Nearly a quarter (23%) of Singapore organizations with at least 1,000 employees reported that they have not segmented IoT devices onto separate networks – a basic practice for building safe, smart networks for large companies. A mere 28% reported following the best practice of using micro-segmentation to contain IoT devices, which creates a closed-off security zone in which IT managers can monitor and control access to and from each device.
“Proper network segmentation is a security best practice that cannot be overlooked,” said Kevin O’Leary, the field chief security officer for Palo Alto Networks in Asia Pacific. “Without proper implementation, organizations may need to pay a heavy price as cybercriminals jump across and break into business-critical data and processes.
“Although network segmentation may take some time to set up, it can ultimately result in strong security benefits across the organization,” he continued.
As part of its study, Palo Alto attempted to determine some of the strangest devices that were connected to organizations’ networks. The most prolific non-work-associated IoT device turned out to be smart wearables for medical purposes (44% of those surveyed), followed by connected fitness gear (39%), gaming consoles and kits (36%), and desk toys (also 36%).
While many smart wearables are commonplace nowadays, connecting them to the same network as sensitive company data without segmentation is risky. They carry much the same risk as other consumer IoT devices that are not usually associated with the workspace.
Perhaps the most infamous example of consumer IoT device vulnerability was the wave of Mirai botnet DDoS attacks in 2016, which, at one point, took down internet access on the whole east coast of the US. The US government initially suspected a rogue nation-state, but the culprit turned out to be a network of 400,000 compromised consumer IoT devices weaponized by a disgruntled Minecraft player.
Most concerning of all, over half of the IT leaders polled in the Palo Alto study said extensive improvements were necessary in the way their firm approached IoT security. Another 13% felt that a complete overhaul of their IoT security was required instead.
“Traditional networks are ill-equipped to handle the surge in adoption of IoT devices,” said Tanner Johnson, a senior cybersecurity analyst at Omdia. “Device behavior baselines need to be established to allow for new recommended policies to help stop malicious activity. For instance, it would raise a flag if a connected thermostat started transmitting gigabytes of data to an unfamiliar site.”
“With the rise of remote working and blurring of lines between work and life, it has become increasingly common and even unavoidable for some employees to be connecting non-work-related devices to corporate networks,” added Vicky Ray, the principal researcher at Palo Alto Networks’ Unit 42 threat intelligence group in Asia Pacific.
“While seemingly harmless, such devices often do not have the same rigorous security measures required for work devices, and can serve as an entryway into important company information and systems,” Ray warned. “To address the threats, security teams need to be able to spot new devices, assess their risk, determine their normal behaviors, and quickly apply security policies.”