IoT traffic in the enterprise is rising, and so are the threats

Deepen Desai of Zscaler

Enterprises around the globe have been adopting Internet of Things (IoT) products to improve organisational efficiency, enhance communications, and to gain insight into system performance. IoT devices have become commonplace in enterprises from all industries. According to Gartner20.4 billion IoT devices will be in use worldwide by 2020, and more than 65% of enterprises will adopt IoT products.

The rapid adoption of these devices has opened up new attack vectors for cybercriminals, says Zscaler’s Deepen Desai. Many are employee-owned, and this is just one of the reasons they pose a security concern for businesses. As is often the case, IoT technology has also moved more quickly than the mechanisms available to safeguard these devices and their users.

Researchers have already demonstrated remote hacks on pacemakers and cars. In October 2016, a large distributed denial-of-service (DDoS) attack, leveraging Mirai Botnet, affected DNS servers on the east coast of the United States, disrupting services worldwide. This attack was traced back to hackers infiltrating networks through IoT devices, including wireless routers and connected cameras.

Our own recent research ‘IoT in the Enterprise: an analysis of traffic and threats’, explored some of the security concerns surrounding IoT devices. Among our team’s discoveries was that the vast majority of IoT transactions were occurring over plain text channels, instead of the more secure SSL-encrypted channels. While a major security vulnerability, the use of unsecured channels is just one issue with IoT devices. They are notorious for weak, pre-set passwords that often go unchanged.

As with just about every device connected to the internet, malware is also a threat to IoT devices. The fact is that there has been almost no security built into the IoT hardware devices that have flooded the market in recent years, and there’s typically no way to easily patch these devices. While many businesses have thought security for IoT devices unnecessary because nothing is stored on the devices, this isn’t the case. The Mirai botnet attack illustrated how exposed companies can be as a result of their IoT devices.

Even though these devices continue to be an easy target for cyberattacks, enterprises can take steps to reduce the risk. To start with, default credentials must be changed to something more secure. As employees bring in devices, they should be encouraged to ensure that their passwords are strong and their firmware is always up to date. IoT devices should also be installed on isolated networks (to prevent lateral movement), with restrictions on inbound and outbound network traffic.

Furthermore, access to IoT devices should be restricted as much as possible from external networks, with unnecessary ports blocked from external access. Regular security and firmware updates must also be applied to these devices, in addition to securing the network traffic. Finally, organisations must have visibility of the shadow IoT devices that are already sitting inside the network and ensure that the above safeguards have been implemented.

With all of these new connected devices, and the enormous amounts of associated data traversing corporate networks and opening up new attack vectors for cybercriminals, legacy networks are unlikely to provide adequate security. The threat landscape has changed dramatically and enterprises must not be slow to respond.

The author is Deepen Desai of Zscaler.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Nordic-powered wireless indoor alert system provides round-the-clock assistance to service users

Posted on: October 6, 2022

Hong Kong-based IoT technology solutions company, SG Wireless, has partnered with the local non-profit charitable organisation Senior Citizen Home Safety Association (SCHSA), to develop the ‘Wireless Personal Emergency Link’ (WPEL). WPEL is an indoor Bluetooth LE/LTE Cat 1 emergency alert system. Installed in the homes of service users, the system is designed to support senior citizens

Read more

DFI and AEWIN partner to empower software virtualisation technology through AMD platform ultra-small products

Posted on: October 6, 2022

DFI, the brand in embedded motherboards and industrial computers, was invited to participate in “AMD Datacentre Solutions Day” in September, based on the theme of high-performance computing (HPC). To launch the smallest industrial motherboard equipped with AMD products, DFI partnered with its subsidiary, AEWIN, to present their star products and share how ultra-small products can

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox