We’ve been talking about this problem for years. Employees bring their own devices to work and attach ad hoc routers to the local network, leading to a multitude of infection points. In our study of lateral attacks, we demonstrated the threat that a single compromised device, such as an IP camera or set-top box, poses to infrastructure and critical data. Given growing security threats, it is critical that enterprises secure their entire network.
To make that number sound even worse, 91.5% of those communications were unencrypted, and many devices were accessible with easily-guessed default passwords. An environment like that is a playground for an attacker. In over 6,000 blocked intrusion attempts, Zscaler noted that the payloads often contained a list of default credentials, enabling each infected device to attack another, as is common in botnets.
Automated IoT detection products solve these problems by informing enterprises about new devices and malicious activity. To learn more about security automation and IoT device security, view our fundamentals series or read more about the importance of encryption.