February 27, 2020

Consumer IoT Devices are Flooding Corporate Networks

Security firm finds a fridge, a smart lamp connected to corporate networks

By CBR Staff Writer

Half of all the IoT devices interacting with business networks are actually consumer devices, many of which have incredibly inadequate security.

The figure is from cybersecurity firm Zscaler whose own software was at one point last year blocking more than 2,000 pieces of IoT-based malware. Now that number has skyrocketed to 14,000 malware attempts every month.

A key discovery by the cybersecurity firm following an analysis of IoT traffic is that while enterprises are embracing the connectivity and agility of workforces, enterprise and personal devices are getting mixed together as workers use both at home and at work. A lot of the IoT enterprise traffic identified is actually generated by unauthorised IoT devices such as smart home devices, digital home assistants and smart watches.

Zscaler notes that: “What this tells us is that employees inside the office might be checking their nanny cam over the corporate network. Or using their Apple Watch to look at email. Or working from home, connected to the enterprise network, and periodically checking the home security system.”

This is opening up a range of security vulnerabilities: according to Zscaler, 83 percent of IoT transactions take place over plaintext channels and, incredibly, only 17 percent use encrypted SSL, making it easier for an adversary to launch a man-in-the-middle attack or just sniff traffic.

Consumer IoT Connecting to Business Networks

IoT device use is expected to grow exponentially, with IoT Analytics predicting that the number of IoT devices in 2025 will hit 11 billion.

Zscaler crunched the numbers on nearly 500 million transactions coming from more than 2,000 organisations over two weeks.

When they looked at the type of IoT device used, they found that more than half of the devices were related to set-top boxes and smart TVs.

The majority of traffic, however, was coming from data collection terminals, which account for 56 percent of the traffic recorded. Overall, 41 percent of the devices analysed were not using SSL security.

Zscaler notes that: “This would be an enormous blind spot in an organization with a more legacy approach to networking and security since organizations should be inspecting all encrypted traffic.”

The manufacturing and retail industries generated the most IoT traffic volume at 56.8 percent. In manufacturing and retail verticals, the Zscaler team identified 57 different device types from 20 manufacturers, including 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals.

Two interesting devices the firm discovered connecting to the cloud stood out. One was a smart refrigerator made by Samsung that had the ability to stream music and video content directly from a user’s phone to a screen on the fridge door. The other was a piece of furniture that contained a smart media player and a controllable lamp, whose traffic the firm also found itself tracking.

Amid the seemingly intractable issue of desperately poor IoT security, the UK is planning to mandate a minimum of three security standards for consumer Internet of Things (IoT) devices, it confirmed last month.

The three standards include a demand on original equipment manufacturers that all device passwords are unique and not resettable to factory settings; that companies provide a clear vulnerability disclosure contact; and that OEMs “explicitly state” for how long their IoT products will get security updates.

Critics have suggested that enforcement is likely to be weak.
