Shadow IoT threatens enterprise security
A 1,500 percent increase in IoT traffic over the past year and a rise in unauthorized devices being used in the workplace represents a major threat to enterprise security, according to a new report.
The latest IoT report from cloud security company Zscaler reveals its customers are now generating more than a billion IoT transactions each month. Analysis of just two weeks of this traffic through Zscaler cloud found 553 different IoT devices across 21 categories from 212 manufacturers.
The top unauthorized IoT devices Zscaler observed include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems.
Manufacturing and retail customers generated the highest IoT traffic volume (56.8 percent) followed by enterprises (23.7 percent), entertainment and home automation (15.7 percent), and healthcare (3.8 percent). A worrying 83 percent of IoT-based transactions are occurring over plain-text channels, whereas only 17 percent are using secure (SSL) channels.
Zscaler blocked 14,000 IoT-based malware attempts per month. That number has increased more than seven times over its May 2019 research. New exploits that target IoT devices are popping up all the time, such as the RIFT botnet, which looks for vulnerabilities in network cameras, IP cameras, DVRs, and home routers.
"We have entered a new age of IoT device usage within the enterprise. Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices, and monitoring personal entities through corporate networks," says Deepen Desai, vice president of security research at Zscaler. "As an industry, we need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving detection and prevention of attacks that target these devices."
You can read more in the full report available from the Zscaler site.