Zscaler, a San Jose, California-based leading global cloud security company, has recently released its 2019 report – “IoT in the Enterprise: An Analysis of Traffic and Threats.” The report examines all the traffic stemming from IoT device footprints across the Zscaler cloud over the course of 30 days.
The Zscaler ThreatLabZ research team, in their analysis all together took into account a whopping 56 million IoT device transactions to better their understandings about the types of devices in use, the protocols they follow, the locations of the interaction servers, and the frequency of communications stemming from these devices i.e. inbound and outbound traffic.
Over a 30-day period, Zscaler cloud in total processed 56 million transactions from 270 different types of IoT devices that were manufactured by 153 different device manufacturers. The detailed IoT Traffic and Threat Analysis report also depicted that more than 1,000 organizations have at least one IoT device that utilizes the Zscaler cloud platform to transmit data from the network to the internet.
The most common IoT device categories detected across the Zscaler cloud include IP cameras, smart watches, printers, smart TVs, set-top boxes, IP phones, medical devices, and data collection terminals, among others.
“As is often the case with new innovations, the use of IoT technology has moved more quickly than the mechanisms available to safeguard these devices and their users. Within only one month of traffic, our threat research team saw an astronomical amount of traffic stemming from both corporate and personal IoT devices,” states Amit Sinha, EVP, Engineering and Cloud Operations, CTO, Zscaler. “Enterprises need to take steps to safeguard these devices from malware attacks and other outside threats.”
Key IoT Security Concerns from the report were:
- Weak default credentials
- Plain-text HTTP communication to a server for firmware or package updates
- Plain-text HTTP authentication
- Use of outdated libraries
“We observed that over 90 percent of IoT transactions are occurring over a plain text channel, which we believe makes these devices and the enterprises that house them vulnerable to crafted attacks,” states Deepen Desai, VP, Security Research, Zscaler. “Enterprises need to assess their IoT footprint, as they will only continue to expand and raise the risk of cyber attacks. From changing default credentials to restricting access to IoT devices from external networks, there are a variety of steps that can be taken to increase the IoT security posture.”