Majority of IoT transactions are not secure, new study finds

Enterprise IoT transactions - connections made between devices - are often unsecured and lack robust encryption, according to new research by Zscaler. 

By Max Burkhalter
March 30, 2020

The conflict between the internet of things and security has been an oft-discussed topic in technology circles for almost a decade. However, a new study published by Zscaler has revealed that this problem is perhaps even more serious than previously thought. The study found that most transactions conducted over the IoT are sent in plaintext, with no encryption - only a relatively small number of transactions use SSL.

Transactional risk

Transactions in this instance do not refer specifically to financial transactions - instead, transactions include any connection made by an IoT device to another machine. Zscaler first reported roughly 56 million IoT transactions per month in 2019. Now, in 2020, that number has jumped to 33 million per day. Needless to say, the exponential growth of IoT means that more data is at risk of falling into the wrong hands than ever before. And with encryption commonly being poor or entirely absent, the task becomes almost trivial for hackers. 

According to Zscaler's study, 83% of monitored IoT transactions were sent in plaintext. Only about 17% used SSL encryption. This makes businesses especially vulnerable to cyberattacks, as it means that countless employees are using unsecured devices for a wealth of different purposes. This oversight gives hackers a large amount of leeway when it comes to gaining access to information they shouldn't be able to see. Unencrypted transactions can be easily read or tampered with in transit, and devices with obsolete security architecture or with encryption disabled make an easy target for cybercriminals to conduct "man-in-the-middle" attacks, where transactions and communications between two devices are intercepted and altered to fit the whims of the hacker.

Unsecured devices and those without adequate security architecture pose a major threat to corporate networks and the information contained therein.

Poor corporate security

The Zscaler report additionally found that, when the metrics are limited to corporate networks, over 91% of all transactions were unencrypted. Given that business networks contain much more sensitive information than a personal home network, they are particularly bountiful targets for hackers. Whether they are adjusting their home's temperature from work through their smartphone, checking stocks on a mobile device, or monitoring a security system for their vehicle, employees at various organizations are conducting a wealth of unsecured IoT transactions. This is extremely dangerous for organizational cybersecurity, and for many large firms, clamping down on careless use of corporate networks and devices should be a top priority. Although large companies hold the largest amount of sensitive information, and are therefore an appealing target, small and medium enterprises are not necessarily safe. In fact, 43% of data breaches were perpetrated against small businesses in 2019, according to Verizon's Data Breach Investigations Report.

The cloud is a useful tool, but many companies, from the lowest level to the executive suites, are using it irresponsibly. The unsecured nature of IoT transactions has allowed cybercrime to thrive over the past few years, and the trend will continue until action is taken. As a result, businesses large and small should put optimal cybersecurity practices at the forefront of their operations. The use of encryption and updated hardware can make a big difference when it comes to information security - as can training employees in proper data handling and transaction practices.

For companies that want to make the most out of the IoT while still keeping their own and their customers' information safe, a robust and safe network architecture will be required. Perle offers secure networking equipment such as Ethernet switches and serial to Ethernet converters. Check out some of the ways Perle has enabled clients to reach their technological potential.
