
Yesterday, Zscaler reported that consumer IoT devices are opening holes in enterprise networks. In a study of 1,000 organizations, the top four IoT devices seen were set-top boxes, smart TVs, smart watches, and media players.
We’ve been talking about this problem for years. Employees bring their own devices to work and attach ad hoc routers to the local network, leading to a multitude of infection points. In our study of lateral attacks, we demonstrated the threat that a single compromised device, such as an IP camera or set-top box, poses to infrastructure and critical data. Given growing security threats, it is critical that enterprises secure their entire network.

Yet a study by Ponemon Institute earlier this month found that only 51% of enterprises regularly detect IoT devices in the workplace, and a slim 8% have the capability to detect devices in real time. According to Zscaler’s report, IoT devices initiated 56 million transactions in one month. At that rate, that means 672 million per year, which is a mammoth amount of data for non-IoT-related companies.
To make that number sound even worse, 91.5% of those communications were unencrypted, and many devices were accessible with easily guessed default passwords. An environment like that is a playground for an attacker. In over 6,000 blocked intrusion attempts, Zscaler noted that the payloads often contained a list of default credentials, enabling each infected device to attack another, as is common in botnets.
Automated IoT detection products solve these problems by informing enterprises about new devices and malicious activity. To learn more about security automation and IoT device security, view our fundamentals series or read more about the importance of encryption.
Download the newly published report using the direct link below.