‘Shadow IoT’ Undermining Network Security
The majority of Internet of Things transactions are unsecured, adding a new enterprise security threat as industrial and retail IoT traffic begins to ramp up.
An enterprise IoT survey released this week by security vendor Zscaler found an “exponential” increase in malware attacks on vulnerable IoT networks. Zscaler said it detected about 14,000 IoT-based malware exploits per month, a seven-fold increase over the previous year.
The vulnerabilities for enterprise IoT deployments have been exacerbated by the rise of “shadow IT,” so-called because employees are bringing more unauthorized devices like smart watches into the workplace. “IT and security teams often won’t know these devices are on the corporate network nor how they impact an organization’s overall security posture,” the survey warned.
As a result, new exploits are targeting unauthorized devices, including botnets that scan for vulnerabilities in network and IP cameras and other consumer devices connected to corporate networks.
“Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices and monitoring personal entities through corporate networks,” said Deepen Desai, Zscaler’s vice president of security research. “We need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving detection and prevention of attacks that target these devices.”
Those security strategies have yet to be implemented as IoT traffic increases. While manufacturing and retail customers combined accounted for about 56 percent of IoT traffic volume, most transactions were insecure. The Zscaler survey found that only 17 percent of transactions used Secure Sockets Layer (SSL) encryption. The vast majority used unprotected plain-text channels.
Zscaler advocates a “zero trust” approach to shadow IoT, ensuring that any communication is between authorized users and known devices. That approach would help “reduce the IoT attack surface,” the survey concludes.
Zscaler said its results are based on its analysis of nearly 500 million IoT transactions from more than 2,000 organizations over a two-week period. The survey revealed 553 different IoT devices from more than 200 manufacturers. Security experts note that many of these devices rely on easily hacked default settings.
Meanwhile, ransomware is another growing security threat for industrial and operational technology networks—the latter used, for example, in the energy industry. A recent ransomware attack on a U.S. natural gas facility has heightened concerns about the security of the nation’s critical infrastructure.
According to the U.S. Cybersecurity and Infrastructure Security Agency, attackers gained access via an IT network, then jumped onto an operational network controlling a natural gas compression plant. “There have been constant warnings from cyber experts about the need for operational and IT networks to be separated. Cyber attackers should not be able to pivot to the OT network from IT facilities,” said David Bicknell, a security analyst with GlobalData.
-Editor's note: This story has been updated to include a list of "shadow" IoT devices.