The concept of a “networked refrigerator” that’s connected to the Internet may seem like a running joke among watchers of the Internet’s infiltration onto a host of devices, but at a time when cars with Internet-enabled dashboard screens are being introduced, the idea of more and more business devices that can communicate on a network doesn’t seem so far-fetched. And as wireless devices beyond the usual desktop and laptop computers start connecting to corporate networks, the threat window only grows: Criminals need to find only a single unguarded “in” to begin snooping into a network.
It is not difficult to find the open doors. Wireless printers, for example, which are now commonplace in the enterprise, can retain digital images—a potential boon for data thieves. And what about the digital camera that can seek a connection to a laptop that happens to be connected to a corporate network? The camera and the laptop establish a wireless connection, making it possible for the user of the digital camera to “leapfrog” directly into the corporate network. The data being passed between wireless devices is also vulnerable, and could easily be hijacked and used inappropriately. The variety of endpoints that are capable of being connected, or are already connected, is astonishing.
This interconnectedness will escalate, as will the effects it will have on our networks. In just a few years, every door lock, card reader, video camera, vehicle, power meter, and light switch will have an IP address—at least in the business world. Therefore, from a security standpoint, it will become increasingly important—within the enterprise and within our homes (since many of us are now mobile or remote workers, too)—to segment and firewall different classes of devices in a network.
Enterprises also should keep in mind that their “smart” office devices can be sources for data loss in other ways—no wireless connectivity required. For instance, data thieves may only need to make a small investment in a few used digital copiers to reap a big return in their hunt for sensitive data: An investigative report by CBS News showed how easy it is to retrieve tens of thousands of documents from digital copiers that have not had their hard drives sanitized prior to resale. Among the information found: Design plans for a building near “Ground Zero,” the site of the 9/11 terrorist attacks in Manhattan, and 95 pages of pay stubs with names, addresses, and Social Security numbers for employees of a New York construction firm.
Excerpted from the Cisco 2010 Midyear Security Report. Download your copy here.