Zscaler has released a report titled, “IoT Devices in the Enterprise 2019: Shadow IoT Threats Emerge,” on Tuesday that has analyzed the exponential growth in IoT traffic volume as well as the growth of IoT-based malware, and how new threats have emerged within the Federal IT Enterprise.
The report gave an overview of the growth in IoT traffic and software, noting that in May 2019, IoT traffic generated by its enterprise customer base, the Zscaler cloud was processing 56 million IoT transactions a month. By Feb. 2020, the company recorded 33 million transactions a day and 1 billion IoT transactions per month, totalling a 1,500 percent increase.
In the white paper, Zscaler noted that as enterprises have advanced mobility and always-on connectivity, the division between company owned and privately owned devices, and between the workplace and the home, have become indistinct.
Zscaler stated how enterprise IT has become increasingly unaware of the devices generating IoT traffic. Because of the increased use and reduced insight, a new culture of shadow IoT has created IoT-based attack vectors for cybercriminals.
The company ranked the top IoT device categories, including authorized devices such as data collection terminals, digital signage media players, industrial control devices, medical devices, networking devices, payment terminals and printers.
The analysis also noted enterprise traffic generated by unauthorized IoT devices such as digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems. The report hypothesized that employees may use the enterprise network to access personal media devices, tainting the network security.
Zscaler has estimated that 83 percent of IoT-based transactions occur within plain text channels, whereas only 17 percent use SSL. The company stated that plain text opens traffic to access passwords, data and attacks.
The report referenced the case of the Mirai botnet of 2016, where attackers exploited the fact that consumers rarely change the default password on IP cameras and home routers and launched a denial-of-service attack that defeated a large part of the internet. Similarly to the 2016 attack, new exploits have emerged that target IoT devices that search for vulnerabilities in network cameras, IP cameras, DVRs, and home routers.
Zscaler noted that there were more than 4.7 billion things connected to the internet in 2016. By 2021, that number will increase to more than 11 billion and, by 2025, it is estimated that the number will hit 21 billion. Market research firm IDC has predicted that IoT spending will surpass the $1 trillion mark in 2022, a 15% increase over 2018’s $646 billion.
“We have entered a new age of IoT device usage within the enterprise. Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices, and monitoring personal entities through corporate networks,” said Deepen Desai, Vice President of Security Research, Zscaler.
About Zscaler
Zscaler is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of things environments.[2]
As of 2015, Zscaler provides automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing. It provides a cloud-based approach to security as a service. Zscaler was listed on the NASDAQ on 16 March 2018.
