Zscaler Study Confirms IoT Devices are a Major Source of Security Compromise, Reinforces Need for Zero Trust Security
SAN JOSE, Calif., July 15, 2021 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released a new study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment. The new report, “IoT in the Enterprise: Empty Office Edition,” analyzed over 575 million device transactions and 300,000 IoT-specific malware attacks blocked by Zscaler over the course of two weeks in December 2020 – a 700% increase when compared to pre-pandemic findings. These attacks targeted 553 different device types, including printers, digital signage and smart TVs, all connected to and communicating with corporate IT networks while many employees were working remotely during the COVID-19 pandemic. The Zscaler™ ThreatLabz research team identified the most vulnerable IoT devices, most common attack origins and destinations, and the malware families responsible for the majority of malicious traffic to better help enterprises protect their valuable data.
“For more than a year, most corporate offices have stood mostly abandoned as employees continued to work remotely during the COVID-19 pandemic. However, our service teams noted that despite a lack of employees, enterprise networks were still buzzing with IoT activity,” said Deepen Desai, CISO of Zscaler. “The volume and variety of IoT devices connected to corporate networks is vast and includes everything from musical lamps to IP cameras. Our team saw 76 percent of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business.”
What Devices are Most at Risk?
Most traffic instead came from devices in manufacturing and retail industries – 59 percent of all transactions were from devices in this sector and included 3D printers, geoocation trackers, automotive multimedia systems, data collection terminals like barcode readers, and payment terminals. Enterprise devices were the second most common, accounting for 28 percent of transactions, and healthcare devices followed at nearly 8 percent of traffic.
ThreatLabz also discovered a number of unexpected devices connecting to the cloud, including smart refrigerators and musical lamps that were still sending traffic through corporate networks.
Who is Being Targeted?
How can Organizations Protect Themselves?
About Zscaler ThreatLabz
All data presented in this report is sourced directly from the Zscaler platform, which facilitates over 160 billion transactions daily. The data for this report was collected between December 15th and December 31, 2020, and only represents devices and attacks on corporate networks in physical office locations. ThreatLabz observed approximately 300,000 blocked transactions related to IoT malware, exploits, and command-and-control communications, including a total of 18,000 unique hosts and roughly 900 unique payload deliveries in this 15-day timeframe.
For more information, including access to the full report, please see “IoT in the Enterprise: Empty Office Edition.”
Zscaler™ and the other trademarks listed at https://www.zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.