A Zscaler report finds 91.5% of IoT communications within enterprises are in plaintext and so susceptible to interference. Credit: HYWARDS / Getty Images Of the millions of enterprise-IoT transactions examined in a recent study, the vast majority were sent without benefit of encryption, leaving the data vulnerable to theft and tampering. The research by cloud-based security provider Zscaler found that about 91.5 percent of transactions by internet of things devices took place over plaintext, while 8.5 percent were encrypted with SSL. That means if attackers could intercept the unencrypted traffic, they’d be able to read it and possibly alter it, then deliver it as if it had not been changed. Researchers looked through one month’s worth of enterprise traffic traversing Zscaler’s cloud seeking the digital footprints of IoT devices. It found and analyzed 56 million IoT-device transactions over that time, and identified the type of devices, protocols they used, the servers they communicated with, how often communication went in and out and general IoT traffic patterns. The team tried to find out which devices generate the most traffic and the threats they face. It discovered that 1,015 organizations had at least one IoT device. The most common devices were set-top boxes (52 percent), then smart TVs (17 percent), wearables (8 percent), data-collection terminals (8 percent), printers (7 percent), IP cameras and phones (5 percent) and medical devices (1 percent). While they represented only 8 percent of the devices, data-collection terminals generated 80 percent of the traffic. The breakdown is that 18 percent of the IoT devices use SSL to communicate all the time, and of the remaining 82 percent, half used it part of the time and half never used it. The study also found cases of plaintext HTTP being used to authenticate devices and to update software and firmware, as well as use of outdated crypto libraries and weak default credentials. While IoT devices are common in enterprises, “many of the devices are employee owned, and this is just one of the reasons they are a security concern,” the report says. Without strict policies and enforcement, these devices represent potential vulnerabilities. Another reason employee-owned IoT devices are a concern is that many businesses don’t consider them a threat because no data is stored on them. But if the data they gather is transmitted insecurely, it is at risk. 5 tips to protect enterprise IoT Zscaler recommends these security precautions: Change default credentials to something more secure. As employees bring in devices, encourage them to use strong passwords and to keep their firmware current. Isolate IoT devices on networks and restrict inbound and outbound network traffic. Restrict access to IoT devices from external networks and block unnecessary ports from external access. Apply regular security and firmware updates to IoT devices, and secure network traffic. Deploy tools to gain visibility of shadow-IoT devices already inside the network so they can be protected. Related content news HPE sues China’s Inspur Group for server patent infringement HPE has accused Inspur of infringing on more than 10,000 active patents, specifically those related to its server technologies, such as general-purpose servers, rack servers, high-density servers, and AI servers. By Sandeep Budki Apr 18, 2024 3 mins Technology Industry Servers news analysis The APAC sovereign cloud surge: How will it impact your business? Sovereign clouds, designed to keep a nation’s data firmly within its borders, are upending traditional approaches to cloud computing for global enterprises operating in the Asia-Pacific. By Prasanth Aby Thomas Apr 18, 2024 8 mins Cloud Computing news analysis Intel builds world's largest neuromorphic system Code-named Hala Point, the brain-inspired system packs 1,152 Loihi 2 processors in a data center chassis the size of a microwave oven. By Maria Korolov Apr 17, 2024 6 mins High-Performance Computing Data Center news Gartner: AI to drive 10% jump in spending on data center systems Global IT spending is on track to exceed $8 trillion before 2030, Gartner says. By Michael Cooney Apr 17, 2024 3 mins Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe