ExtraHop, the provider of cloud-native network detection and response, issued a report detailing rapid substantial changes in device usage trends as businesses shifted their operations in March due to COVID-19. The report also warns of the security complexity and risks posed by connected devices, both those used by employees at home, and those left idle but connected to the office network.
While there are many lenses through which to explore the ways in which COVID-19 is reshaping business operations, connected devices, including internet of things (IoT) devices, and the ways in which people and organisations interact with them tell a story all their own.
Business-related device activity
Steep decline in connected devices at the office raises concerns about questionably secure local networks
Using anonymised, aggregate data from across its global user base, ExtraHop analysed business-related device activity during a one week period at the end of March 2020. This data was compared to activity from a similar study of the same global user base conducted in November 2019. The results reveal not only patterns that illuminate the state of work during the COVID-19 crisis, but also the long-term security implications of a distributed workforce.
Key findings from the report include: Steep decline in connected devices at the office raises concerns about questionably secure local networks: ExtraHop observed a 65 percent decline in the number of laptops and a nearly 70 percent decline in the number of smartphones connecting directly to corporate networks in March 2020.
Securing local networks
That said, the fact that these devices are no longer connected to the corporate network doesn’t mean they’re not connected at all. Employees are still accessing corporate resources, often relying on questionably secure local networks that lack the safeguards of the office network and thus are more exposed to malware.
Vast majority of office phones and printers are still plugged in, exposing risk: The number of connected IP phones declined by just 7.5 percent, indicating that many of these devices remain on and connected even when no one is using them. According to ExtraHop data, nearly 25 percent of those VoIP devices are Cisco IP phones, for which a critical vulnerability (CVE-2020-3161) was announced in April. Printers, at high risk for vulnerabilities and one of the most common targets of hackers, showed even smaller declines in connectivity, dropping by just 0.53 percent.
Physical security cameras
Connections from security cameras increased by 47 percent in March
Spike in physical security cameras: Connections from security cameras increased by 47 percent in March, indicating that many organisations are taking additional precautions against physical intrusion or nefarious activity. Unfortunately, these devices can also expose organisations to cyber risk. Like IP phones and printers, they often have vulnerabilities and have been observed phoning data home.
And don’t forget the treadmills: The connections to the network from treadmills declined 100% when office gyms were some of the first aspects of office life to close down. But the connectivity of treadmills underscores the extent to which every device is now a connected device. IT and security departments now have a much broader attack surface to secure, even the office gym.
Availability of applications and critical resources
“The almost overnight shift to remote work required a massive effort just to ensure the availability of applications and critical resources for employees outside the office,” said Sri Sundaralingam, Vice President, Cloud and Security Solutions at ExtraHop.
“For many organisations, the management of IoT and other connected devices may have been an afterthought, or at least something they didn’t anticipate having to handle long term. As availability and security issues surrounding remote access become more settled, this needs to be an area of focus.”