Threat highlight: Analysis of 5+ million unmanaged, IoT, and IoMT devices
A new study incorporates analysis of anonymized data from more than 5 million unmanaged, IoT, and IoMT devices in Ordr customer deployments across a variety of verticals including healthcare, life sciences, retail and manufacturing, between June 2019 and June 2020.
Unmanaged devices
Researchers identified real-world risks across a diverse set of connected devices, reaffirming the need for a comprehensive approach to securing all devices, including discovery, classification, profiling of risks, and automated segmentation.
“In some of my recent research around enterprise IoT security I’ve found that more than 51 percent of IT teams are unaware of what types of devices are touching their network,” said Zeus Kerravala, Principal Analyst, ZK Research. “But perhaps what is more disconcerting is that the other 49 percent often times find themselves guessing or using a ‘Frankenstein’d’ solution to provide visibility into their network security, which almost always create security issues. Shadow IoT is becoming a real security challenge, as it’s not enough to have the visibility into what is touching your network, but you need a solution like Ordr’s that allows you to resolve the issues in a scalable automated fashion.”
Consumer-grade shadow IoT devices
Among the report’s most interesting findings were the frequent discovery of consumer-grade shadow IoT devices on the network such as Amazon Alexa and Echo devices. The most notable devices discovered on the network included a Tesla and Peloton. Similar to the early days of cloud adoption, where SaaS applications were deployed without IT’s knowledge, unknown and unauthorized IoT devices are now being deployed in the enterprise, introducing a new attack surface.
Researchers also discovered Facebook and YouTube applications running on MRI and CT machines, both of which often use legacy and unsupported operating systems like Windows XP. Using medical devices to surf the web puts an organization at a higher risk of falling victim to a ransomware and other malware attacks.
“We found a staggering number of vulnerabilities and risks concerning connected devices,” Greg Murphy, CEO, Ordr. “To truly realize the potential of IoT, security is paramount. As more IoT devices are deployed, security and risk decision makers need to not only gain visibility into what is connecting to their network, but also understand how it is behaving.”
Additional findings
- 15-19 percent had IoT devices running on legacy operating systems Windows 7 (or older). Since it is often not economical to take these critical systems out of service, these devices need to be properly segmented.
- 20 percent had PCI DSS violations where IoT devices with credit card information were on the same subnet or VLAN as a tablet, printer, copier, or video surveillance camera.
- 86 percent of healthcare deployments had more than 10 FDA recalls against their medical IoT devices, which means the medical device is defective, poses a health risk, or both.
- 95 percent of healthcare deployments had Amazon Alexa and Echo devices active in their environment alongside other hospital surveillance equipment. Voice assistants can unknowingly eavesdrop and record conversations and may put the organization at risk of a HIPAA violation.
- 75 percent of healthcare deployments had VLAN violations where medical devices were connected to the same VLAN and subnet as other non-medical devices.
There are real risks and threats posed by IoT, IoMT, and other connected devices if not accounted for and properly managed. As many analysts predict, there is no sign of the slowing of adoption of IoT devices in the workplace, so security needs to be prioritized.