Research and analysis

Cyber security in enterprise connected devices

Research detailing cyber security issues in internet-connected devices used by businesses and organisations.

From:
Department for Science, Innovation and Technology, Department for Digital, Culture, Media & Sport, and Julia Lopez MP
Published
9 May 2022
Last updated
12 April 2023 — See all updates

Documents

Literature review on connected devices within enterprise networks

PDF, 1.27 MB, 37 pages

Enterprise connected devices: procurement, usage and management among UK businesses

PDF, 420 KB, 27 pages

NCSC threat assessment on enterprise connected devices

https://www.ncsc.gov.uk/report/organisational-use-of-enterprise-connected-devices

Device security principles for manufacturers

https://www.ncsc.gov.uk/collection/device-security-guidance/security-principles

Details

“Enterprise connected devices” are devices used in or by businesses and organisations, such as office printers, office cameras, entry systems and room booking systems. These network-connected devices are used within the daily operation of thousands of organisations around the UK and we are aware of significant concerns about the security of these products. Potentially vulnerable devices can provide a route for hostile actors to attack enterprise systems. As well as presenting a threat to individual users and corporate networks, these devices can also represent a large-scale strategic risk to the overall digital environment.

The research published here sets out some key findings, including:

  • enterprise connected devices are being deployed and relied on by many organisations - however, there are significant concerns from IT professionals about device security
  • vulnerabilities are regularly found in enterprise connected devices which have put large numbers of organisations at risk
  • organisations lack clarity on how to monitor and protect themselves from vulnerable connected devices

Also published alongside this research is a National Cyber Security Centre (NCSC) threat assessment on the organisational use of enterprise connected devices.

In conjunction with the Department for Science, Innovation and Technology (DSIT), NCSC have published a set of new device security principles for manufacturers. These principles help organisations gain confidence that their enterprise connected devices are protected against common cyber security threats and risks.

The government is developing policy to address these issues and will provide further updates in due course.

This research is part of the government’s £2.6 billion National Cyber Strategy to protect and promote the UK online. It supports the UK’s objective to take the lead in the technologies vital to cyber power and secure the Internet of Things and connected technologies used by consumers and enterprises.

Published 9 May 2022
Last updated 12 April 2023 + show all updates

  1. Added links to the new new device security principles for manufacturers.

  2. An additional NCSC threat assessment on the organisational use of enterprise connected devices has been added to the page.

  3. First published.

Related content