Cloud security company Zscaler stated in its report “IoT Devices in the Enterprise 2020: Shadow IoT Emerges as Security Threat,” that the shift in shadow IoT emerged as a security threat to enterprises’ security posture.
As enterprises embraced mobility and always-on connectivity for employees, the lines have blurred between company-owned and privately-owned devices, and between the workplace and the home. Zscaler stated that in many cases enterprise IT teams might not even be aware of some of the devices generating IoT traffic, and this new culture of shadow IoT is creating new IoT-based attack vectors for cybercriminals.
What are Shadow IoT Devices?
Shadow IoT devices are internet connected devices or sensors used inside an organization without the knowledge of the IT team in a company. A shadow IoT device can be any smart device like personal laptops, smartphones, fitness trackers, and smart home gadgets.
According to the report, the top unauthorized IoT devices include data collection terminals, digital signage media players, industrial control devices, medical devices, networking devices, payment terminals, printers, digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smartwatches, and even automotive multimedia systems. It also stated that new exploits are emerging to target unauthorized IoT devices like the RIFT botnet, which looks for vulnerabilities in network cameras, IP cameras, DVRs, and home routers.
The report also highlighted that the majority of IoT based transactions are insecure with 83% of IoT-based transactions occurring over plain-text channels, whereas only 17% use secure (SSL) channels. Zscaler claimed that it blocked 14,000 IoT-based malware attempts per month.
Deepen Desai, Vice President of Security Research at Zscaler, said, “We have entered a new age of IoT device usage within the enterprise. Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices, and monitoring personal entities through corporate networks. As an industry, we need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving the detection and prevention of attacks that target these devices.”
Shadow IoT Devices Become a Growing Risk Factor
An earlier report from cloud-managed services provider Infoblox revealed that organizations in the U.S. (46%), Spain (35%), and the U.K. (33%) believe that there are more than 1,000 non-business related IoT devices connected to their enterprise networks at a time.
The report, “What’s Lurking in the Shadows 2020” surveyed 2,650 security professionals across the U.S., U.K., Germany, Spain, the Netherlands, and UAE to know the role of shadow IoT devices in enterprise networks. Infoblox claimed that its research gained a better understanding of the challenges faced by security leaders in managing shadow IoT devices across their networks.