57% of IoT Devices Vulnerable to Severe Attack, Report Finds

The report also found 98% of all IoT devices are unencrypted, potentially exposing personal and confidential data.

57% of IoT Devices Vulnerable to Severe Attack, Report Finds

A report released Tuesday by Unit 42, a threat intelligence team at Palo Alto Networks, found more than half of all internet of things (IoT) devices are vulnerable to acute cybersecurity attacks.

IoT is a network of Internet-connected objects able to collect and exchange data, such as IP phones, printers, intercom systems, and security cameras. More than 30% of all network-connected endpoints are IoT devices and a 2019 Gartner report found the adoption of enterprise IoT grew 21.5% from 2018 to 2019, totaling an estimated 4.8 billion devices.

Unit 42 researchers analyzed security incidents spanning 1.2 million IoT devices in thousands of locations across enterprise IT and healthcare organizations in the U.S.

Overall, they found that “the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.” Researchers also discovered “a shift away from attackers’ primary motivation of running botnets to conduct DDoS attacks via IoT devices to malware spreading across the network via worm-like features, enabling attackers to run malicious code to conduct a large variety of new attacks.”

Password-related attacks were also found to be prevalent on IoT devices because of weak manufacturer-set passwords and poor password security practices.

Due to the overall lack of security measures in place, the report estimates 57% of IoT devices are vulnerable to medium- or high-severity attacks. Researchers also discovered 98% of all devices are unencrypted, exposing personal and confidential data on the network.

Researchers found healthcare organizations are at even greater risk as they are “displaying poor network security hygiene.” For example, approximately 72% of healthcare organizations are combining IoT and IT assets on virtual LAN (logical grouping of devices on the same computer network), enabling infected employee computers to spread malware onto other IoT devices.

Additionally, 83% of medical imaging devices are running on outdated operating systems — a 56% jump from 2018 due to the Windows 7 operating system reaching its end of life. This is particularly concerning as 51% of threats for healthcare organizations involve imaging devices, which “[disrupts] the quality of care and [allows] attackers to exfiltrate patient data stored on these devices.”

To help reduce exposure to IoT threats, Unit 42 recommends chief security officers take the following precautions:

  1. Know your risk — discover IoT devices on the network
  2. Patch printers and other easily patchable devices
  3. Segment IoT devices across VLANs
  4. Enable active monitoring
  5. Think holistically — orchestrate the entire IoT lifecycle
  6. Expand security to all IoT devices through product integration

For more detailed information on steps to take to reduce IoT risks, download the full report here.

About the Author

Contact:

Amy is Campus Safety’s Senior Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy’s mother, brother, sister-in-law and a handful of cousins are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.

In her free time, Amy enjoys exploring the outdoors with her husband, her son and her dog.

Read More Articles Like This… With A FREE Subscription

Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!

Get your free subscription today!


Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Online Summit On-Demand Campus Safety HQ