Employee home devices, which are often connected to corporate networks, were a source of IoT vulnerabilities during the pandemic.
A report released this summer puts the growing threat of IoT vulnerabilities into perspective. The report found that attacks on IoT devices increased 700% in the past two years. As more enterprises adopt IoT capabilities, security-first protocols must be adopted to keep organizations and consumers safe from cyberattacks.
IoT vulnerabilities up despite increasing investments
The Zscaler ThreatLabz report, the company’s yearly study of IoT attacks, revealed that CCTVs, digital video recorders, and routers were the most likely to experience malicious traffic, with over 70 devices in the first two categories found infected with some kind of malware.
While the report notes continued vulnerability, it also found that only 24% of IoT devices used proper encryption. That’s not a comforting number, but it’s up from 17% noted in the previous year’s study and a vast improvement over 2019’s 8.5%.
Encryption is a growing concern with more connected links in enterprise operations. Last year highlighted vulnerabilities with more employees forced into remote work. Despite this disruption and known vulnerability, the report found just 2.7% of devices using SSL encryption, currently a standard for sensitive data such as credit card processing and login management.
Entertainment and home automation still most vulnerable
The biggest vulnerabilities still remain in home automation devices and entertainment. These devices are rarely encrypted despite their connection to our sensitive personal data. There are so many different types of home IoT devices, making it difficult to maintain consistent security protocols. Plus, many consumers don’t realize how vulnerable connected devices are, choosing to focus instead on obvious security risks such as mobile devices or computers.
Specifically, the report found 300,000 IoT-specific malware attacks represented a 700% increase when compared to pre-pandemic findings. These attacks targeted 553 different device types, including printers, digital signage, and smart TVs, all connected to and communicating with corporate IT networks while many employees were working remotely during the COVID-19 pandemic. Essentially, no one was monitoring these IoT devices that were connected to corporate networks, leaving back doors open into these networks.
Studies like this indicate that security is still a major barrier to wide-scale IoT adoption, although consumers may still misunderstand just how vulnerable their home devices are. In addition, enterprises that want to leverage IoT’s full potential will need to rethink the security of all their devices across distributed systems to avoid further ramifications during future disruptions.
