Shadow IoT: A growing threat to enterprise security

Zscaler released their second annual IoT report, compiled after analyzing their customers’ IoT transactions in the Zscaler cloud for two weeks. The company found 553 different IoT devices across 21 categories from 212 manufacturers.

Organizations around the world are observing this Shadow IoT phenomenon, where employees are bringing unauthorized devices into the enterprise. With this onslaught of unknown and unauthorized devices, IT and security teams often won’t know these devices are on the corporate network nor how they impact an organization’s overall security posture.

Key findings

• Unauthorized IoT devices on the rise: The top unauthorized IoT devices include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems.
• Manufacturing & retail industries top IoT traffic volume: Manufacturing and retail customers generated the highest IoT traffic volume (56.8%) followed by enterprises (23.7%), entertainment and home automation (15.7%), and healthcare (3.8%).
• Majority of IoT transactions are insecure: 83 percent of IoT-based transactions are occurring over plain-text channels, whereas only 17 percent are using secure (SSL) channels.
• Exponential increase of IoT malware: 14,000 IoT-based malware attempts per month have been blocked. That number has increased more than seven times than the May 2019 research.
• New exploits emerging to target unauthorized devices: New exploits that target IoT devices are popping up all the time, such as the RIFT botnet, which looks for vulnerabilities in network cameras, IP cameras, DVRs, and home routers.

The company also identified a number of unique and interesting IoT devices connecting to the Zscaler cloud, such as smart refrigirators, music furniture (a combination table lamp and smart media player device named Symfonisk), Tesla and Honda automobile media players, and Wi-Fi memory cards.

“We have entered a new age of IoT device usage within the enterprise. Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices, and monitoring personal entities through corporate networks,” said Deepen Desai, Vice President of Security Research, Zscaler.

“As an industry, we need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving detection and prevention of attacks that target these devices.”

Orgs should implement a zero trust approach

In response to the growing threat posed by Shadow IoT devices brought into the enterprise, IT organizations must first be able to gain visibility into the existence of unauthorized IoT devices that are already inside the network.

Organizations should be considering a zero trust approach that ensures any communication between devices and people is with known entities and is within their organization’s policy to reduce the IoT attack surface.