New report finds over 90% of IoT device transactions are unencrypted

Internet-of-things devices are becoming increasingly common in nearly every industry across the world, as they have helped enterprises improve efficiency, expand communications and automate a range of critical operations. However, the lack of cybersecurity standardization has created significant issues for companies and their customers, leading many to question how viable IoT will be in the years to come. Despite the skepticism, many enterprises have continued to ramp up their investment efforts - IoT spending is predicted to pass the $1 trillion mark by 2022, according to the International Data Corporation. Considering the rapid pace of IoT adoption shows no signs of slowing down, it's important to consider the potential impact that existing and emergent security threats might have on tech-enabled businesses.

Enterprises fail to encrypt IoT transactions
In late May, Zscaler released a new report that analyzed over 56 million IoT device transactions from 1,051 enterprise networks to help organizations better understand their risk exposure. The network security firm collected telemetry and traffic data from its Zscaler cloud product between March and April 2019, finding that 91.5% of all data transactions performed by IoT devices on corporate networks were unencrypted. Some of the study's more specific findings include:

• 41% of IoT devices did not use any Transport Layer Security
• 41% only used TLS for some connections
• 18% used TLS encryption to protect all traffic

The lack of robust encryption leaves enterprise IoT devices exposed to a variety of cyber threats, from man-in-the-middle attacks to malware infections like Mirai, Rift and Gafgyt. Hackers often use these techniques to intercept massive volumes of sensitive data that can be sold on black market websites or used to commit identity theft. Additionally, many enterprises have been slow to update their device credentials, making it easy for cybercriminals to gain access through default usernames and passwords. But what specific IoT devices are at risk?

Any IoT device with the ability to send and receive data could pose a risk to enterprise networks.

At-risk IoT devices
Zscaler's study found that the most common IoT devices were "set-top boxes used for video decoding," which accounted for more than 50% of observed hardware on corporate networks. These devices allow smart TVs, presentation systems and wearables to receive, decode and display digital signals, making them a prime target for would-be hackers. That said, data collection terminals represented the biggest risk to network and device security, as they generated over 80% of all outbound data transactions reviewed by the study. Overall, researchers at Zscaler identified around 270 unique IoT profiles from 153 different device manufacturers, including IP cameras, smart printers, medical devices, digital home assistants and a whole lot more.

Every unsecured IoT device represents a possible entry point for hackers, making robust cybersecurity infrastructure essential to every enterprise network's long-term stability. Perle offers high-performance connectivity tools that support scalability and complex security protocols. Read some of our customer stories to find out how we've helped other organizations protect their data transactions.