Danger - unauthorised devices in the workplace

1,500 per cent increase in IoT traffic through the Zscaler Cloud highlights dangerous rise in unauthorised devices brought into the workplace.

  • 4 years ago Posted in

Zscaler has released the company’s second annual Internet of Things (IoT) report, IoT Devices in the Enterprise 2020: Shadow IoT Threat Emerges. Zscaler customers are now generating more than 1 billion IoT transactions per month in the Zscaler™ cloud, which amounts to a 1,500 per cent increase since Zscaler’s May 2019 report. By analysing two weeks of this traffic through Zscaler cloud, Zscaler found 553 different IoT devices across 21 categories from 212 manufacturers.

 

Organisations around the world are observing this Shadow IoT phenomenon, where employees are bringing unauthorised devices into the enterprise. With this onslaught of unknown and unauthorised devices, IT and security teams often won’t know these devices are on the corporate network nor how they impact an organisation’s overall security posture. 

 

Key Findings:

  • Unauthorised IoT devices on the rise: The top unauthorised IoT devices Zscaler observed include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems
  • Manufacturing & retail industries top IoT traffic volume: Manufacturing and retail customers generated the highest IoT traffic volume (56.8%) followed by enterprises (23.7%), entertainment and home automation (15.7%), and healthcare (3.8%)
  • Majority of IoT transactions are insecure: 83 per cent of IoT-based transactions are occurring over plain-text channels, whereas only 17 per cent are using secure (SSL) channels
  • Exponential increase of IoT malware: Zscaler blocked 14,000 IoT-based malware attempts per month. That number has increased more than seven times since the May 2019 research
  • New exploits emerging to target Unauthorised devices: New exploits that target IoT devices are popping up all the time, such as the RIFT botnet, which looks for vulnerabilities in network cameras, IP cameras, DVRs, and home routers

 

“We have entered a new age of IoT device usage within the enterprise. Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices, and monitoring personal entities through corporate networks,” said Deepen Desai, Vice President of Security Research, Zscaler. “As an industry, we need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving detection and prevention of attacks that target these devices.”

 

Over the quarter, Zscaler blocked approximately 42,000 transactions which were IoT-based malware and exploits. The top malware families included Mirai, Gafgyt, Rift, Bushido, Demonbot and Pesirai. The top destinations connected to by IoT malware families and exploits are the United States, the UK, Russia, The Netherlands and Malaysia.

In response to the growing threat posed by Shadow IoT devices brought into the enterprise, IT organisations must first be able to gain visibility into the existence of unauthorised IoT devices that are already inside the network. Organisations should be considering a Zero Trust approach that ensures any communication between devices and people is with known entities and is within your organisation’s policy to reduce the IoT attack surface.

The promise of AI is on every biopharma’s radar, but the reality today is that much of the...
NTT DATA research shows organizations shifting from experiments to investments that drive...
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient...
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.
Tech leaders are divided on whether AI investments should boost productivity, revenue, or worker...
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.