IoT Adoption & Risk report analyzes risks from more than 5 million connected devices; unveils shadow IoT, compliance violations, and FDA recalls as key challenges to securing enterprise IoT
Ordr’s Rise of the Machines: 2020 Enterprise IoT Adoption & Risk Report identifies real-world risks across a diverse set of connected devices, reaffirming the need for a comprehensive approach to securing all devices, including discovery, classification, profiling of risks and automated segmentation.
“In some of my recent research around enterprise IoT security I’ve found that more than 51% of IT teams are unaware of what types of devices are touching their network,” said Zeus Kerravala, ZK Research. “But perhaps what is more disconcerting is that the other 49% oftentimes find themselves guessing or using a ‘Frankenstein’d’ solution to provide visibility into their network security, which will almost always create security issues. Shadow IoT is becoming a real security challenge, as it’s not enough to have the visibility into what is touching your network, but you need a solution like Ordr’s that allows for you to resolve the issues in a scalable automated fashion.”
Among the report’s most interesting findings was the frequent discovery of consumer-grade shadow IoT devices on the network, such as Amazon Alexa and Echo devices. The most notable devices discovered on the network included a Tesla and Peloton. Similar to the early days of cloud adoption, where SaaS applications were deployed without IT’s knowledge, unknown and unauthorized IoT devices are now being deployed in the enterprise, introducing a new attack surface.
Ordr also discovered Facebook and YouTube applications running on MRI and CT machines, both of which often use legacy and unsupported operating systems like Windows XP. Using medical devices to surf the web puts the organization at a higher risk of falling victim to ransomware and other malware attacks.
“We found a staggering number of vulnerabilities and risks concerning connected devices,” said Ordr CEO Greg Murphy. “To truly realize the potential of IoT, security is paramount. As more IoT devices are deployed, security and risk decision makers need to not only gain visibility into what is connecting to their network, but also understand how it is behaving.”
Additional Ordr findings from these deployments include:
- 15-19 percent had IoT devices running on legacy operating systems, Windows 7 or older. Since it is often not economical to take these critical systems out of service, these devices need to be properly segmented.
- 20 percent had PCI-DSS violations where IoT devices with credit card information were on the same subnet or VLAN as a tablet, printer, copier, or video surveillance camera.
- 86 percent of healthcare deployments had more than 10 FDA recalls against their medical IoT devices, meaning the medical device is defective, poses a health risk, or both.
- 95 percent of healthcare deployments had Amazon Alexa and Echo devices active in their environment alongside other hospital surveillance equipment. Voice assistants can unknowingly eavesdrop and record conversations and may put the organization at risk of a HIPAA violation.
- 75 percent of healthcare deployments had VLAN violations where medical devices were connected to the same VLAN and subnet as other non-medical devices.
There are real risks and threats posed by IoT, IoMT, and other connected devices if not accounted for and properly managed. As many analysts , there is no sign that adoption of IoT devices in the workplace is slowing, so security needs to be prioritized. Ordr enables organizations to discover and safeguard the universe of connected devices in their environment today.
For additional findings and details, Rise of the Machines: 2020 Enterprise IoT Adoption & Risk Report can be downloaded in its entirety here.
Ordr secures the millions of enterprise IoT and unmanaged devices such as manufacturing machines, building systems, medical equipment, printers and more that run within global networks. The Ordr Systems Control Engine uses machine learning to automatically discover and classify every IoT and unmanaged device, map all communications, detect and prioritize vulnerabilities, and then proactively secure each device through dynamic policy generation and segmentation. Organizations use Ordr to discover their devices, track usage, and achieve proactive protection and compliance. For more information about Ordr, go to www.ordr.net.