The explosion of IoT traffic, transaction, and device volume is adding security risks to the enterprise and increasing the volume of IoT-based malware.
Internet of Things (IoT) endpoints are everywhere – at the office, warehouse, manufacturer, home, public facilities, government locations, and any other place you want to collect information from or respond to condition changes. They’re relatively cheap and easy to implement. However, they usually aren’t secure. IT has worked to secure its user’s communications and application access. The use of VPNs is quite common for application access, email, collaboration, and other services. IT needs to realize that the remote worker, especially now during the COVID-19 pandemic, may use unsecured products and services while accessing the enterprise network. Consider the problems produced by using Zoom for collaboration, previously mentioned in this related No Jitter article. The report from the Zscaler™ ThreatLabZ™ “IoT in the enterprise 2020” presents disturbing findings that 83% of IoT transactions transmit over plain text channels. This discovery is based on the February 2020 analysis by the Zscaler cloud that processed 33 million IoT transactions per day and 1 billion per month. IoT Explodes IoT traffic is generated by both authorized and unauthorized IoT endpoints that have exploded. It can also be generated by digital voice assistants – i.e., TV set-top boxes, smart TVs, smartwatches, and automobiles. This dilemma is adding security risks to the enterprise and increasing the volume of IoT-based malware because an employee could be checking home IoT endpoints from work. The implementation of IoT endpoints has created a condition of shadow IoT and has spurred the development of new IoT-based attacks. Zscaler reported a seven-fold increase in malware to 14,000 attempts per month since May 2019. Always connected employees and mobile device users have made the lines between enterprise and privately-owned endpoints at the office and at home hard to define. IoT Transaction and Device Volume The Zscaler cloud analyzed 500 million transactions from 2000 organizations. The report reviewed 553 IoT endpoints, divided into 21 categories, produced by 212 manufacturers. The highest number of IoT endpoints (not traffic but the endpoint population) was TV set-top boxes, (29.5%), followed by smart TVs at 20.3%. Third were smartwatches at 14.8%, followed by media players at 8%, digital signage media players at 5.8%, and data collection terminals at 5.6%. G2.JPG IoT devices graphic IoT Traffic Volume Business process IoT endpoints dominated the total number of transactions. The majority of IoT transactions were conducted with data collection endpoints (56.8%), such as wireless barcode readers used in manufacturing, engineering, logistics and warehousing applications. Printers accounted for 16% of the traffic, media players (7.7%), and digital signage media players (7.1%). Many of these endpoints (41%) didn’t support the SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), which are protocols for establishing authenticated and encrypted links, leaving a big hole in the security of these endpoints. G1.JPG traffic volume per verticals graphic Security Observations The report presented a poor picture of the use of encrypted transmissions. Zscaler reported that about 83% of transactions were transmitted over plain-text channels, with only 17% over secure (SSL) channels. The four security issues most frequently observed were: Plain-text HTTP for firmware or package updates HTTP authentication in plain text Using out of date libraries Allowing weak default credentials Shadow IoT Emerges The endpoint population is expanding rapidly and requires adopting a zero-trust model mentality. This mindset doesn’t trust any person or endpoint that connects to your network. You must know who the user is, what the endpoint is, and whether that user and endpoint, are allowed to access the applications they want to use. How many secured and unsecured IoT endpoints does your enterprise and your employees’ actuality use? Do you have the visibility necessary to manage all of them? The visibility issue becomes difficult when your users are connecting everywhere, and some of your applications are in the cloud. During the COVID-19 situation, or post-pandemic, you must train your employees in best practices and how to conduct themselves properly when at the office or remotely accessing the network. The employees may have to avoid using their digital assistant or smart TVs and smartwatches unless they implement secure communications. You also need to implement a thoughtful, practical, business policy included in your ‘zero trust’ design. The emergence of security and privacy regulations that already exist in California, Nevada, and Maine will accelerate the addition of secure endpoint implementations.