Enterprise organizations are still very concerned about weak standard passwords when it comes to IoT security. This is demonstrated by Zscaler’s IoT in the Enterprise: An Analysis of Traffic and Threats research report, in which the company investigated the traffic from IoT device activities in their own cloud for 30 days.

For the research, the ThreatLabZ research team of the cloud-based security specialist analysed 56 million transactions from IoT devices to gain a better understanding of the type of devices used, the protocols, the locations of the servers they communicate with and the frequency of incoming and outgoing communications.

In the thirty days of the investigation, the Zscaler-cloud processed millions of transactions of 270 types of IoT devices from 153 manufacturers. The analysis shows that more than a third of organizations have at least one IoT device that sends data from the network to the internet via Zscaler’s cloud platform. These are often IP cameras, smartwatches, printers, smart TVs, set-top boxes, IP telephones, medical devices and data collection terminals.

Security

However, according to Amit Shinha, Executive Vice President of Engineering and Cloud Operations and Chief Technology Officer at Zscaler, IoT usage has developed faster than the ways to protect the devices and their users. “Organizations need to take steps to protect these devices from malware attacks and other external threats.”

When it comes to securing the Internet or Things devices, organizations are particularly concerned about weak standard passwords. Also, according to the research, there are concerns to provide plain text HTTP communication with a server for firmware or package updates, as well as plain text HTTP authentication. According to Deepen Desai, Vice President of Security Research at Zscaler, more than 90 percent of IOT transactions took place in a plain text channel, making them vulnerable to attacks.

“Organisations need to assess their IoT activity, as it will continue to grow and increase the risk of cyber attacks. From changing standard passwords to restricting access to IoT devices from external networks, there are a number of measures that organizations can take to improve their attitude to IoT security.”

Finally, the use of outdated libraries is a concern among enterprises, according to the study.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.