IoT Adoption & Risk report analyzes risks from more than 5 million connected devices; unveils shadow IoT, compliance violations, and FDA recalls as key challenges to securing enterprise IoT.
Ordr, the leader in security for enterprise IoT and unmanaged devices, released new research into connected device adoption and risks entitled Rise of the Machines: 2020 Enterprise IoT Adoption & Risk Report.
The study incorporates analysis of anonymized data from more than 5 million unmanaged, IoT, and IoMT devices in Ordr customer deployments across a variety of verticals including healthcare, life sciences, retail and manufacturing, between June 2019 and June 2020.
“Ordr’s Rise of the Machines: 2020 Enterprise IoT Adoption & Risk Report” identifies real-world risks across a diverse set of connected devices, reaffirming the need for a comprehensive approach to securing all devices, including discovery, classification, profiling of risks, and automated segmentation.
Zeus Kerravala, founder and Principal Analyst, ZK Research, said:
“In some of my recent research around enterprise IoT security I’ve found that more than 51 percent of IT teams are unaware of what types of devices are touching their network. But perhaps what is more disconcerting is that the other 49 percent oftentimes find themselves guessing or using a ‘Frankenstein’d’ solution to provide visibility into their network security, which almost always creates security issues.”
“Shadow IoT is becoming a real security challenge, as it’s not enough to have the visibility into what is touching your network, but you need a solution like Ordr’s that allows you to resolve the issues in a scalable automated fashion.”
Among the report’s most interesting findings was the frequent discovery of consumer-grade shadow IoT devices, such as Amazon Alexa and Echo devices, on the network. The most notable devices discovered on the network included a Tesla and a Peloton. Similar to the early days of cloud adoption, when SaaS applications were deployed without IT’s knowledge, unknown and unauthorized IoT devices are now being deployed in the enterprise, introducing a new attack surface.
Ordr also discovered Facebook and YouTube applications running on MRI and CT machines, both of which often use legacy and unsupported operating systems like Windows XP. Using medical devices to surf the web puts an organization at a higher risk of falling victim to ransomware and other malware attacks.
Ordr CEO Greg Murphy said:
“We found a staggering number of vulnerabilities and risks concerning connected devices. To truly realize the potential of IoT, security is paramount. As more IoT devices are deployed, security and risk decision makers need to not only gain visibility into what is connecting to their network, but also understand how it is behaving.”
Additional Ordr findings from these deployments include:
- 15-19 percent had IoT devices running legacy operating systems (Windows 7 or older). Since it is often not economical to take these critical systems out of service, these devices need to be properly segmented.
- 20 percent had PCI-DSS violations where IoT devices with credit card information were on the same subnet or VLAN as a tablet, printer, copier, or video surveillance camera.
- 86 percent of healthcare deployments had more than 10 FDA recalls against their medical IoT devices, which means the medical device is defective, poses a health risk, or both.
- 95 percent of healthcare deployments had Amazon Alexa and Echo devices active in their environment alongside other hospital surveillance equipment. Voice assistants can unknowingly eavesdrop and record conversations and may put the organization at risk of a HIPAA violation.
- 75 percent of healthcare deployments had VLAN violations where medical devices were connected to the same VLAN and subnet as other non-medical devices.
IoT, IoMT, and other connected devices pose real risks and threats if they are not accounted for and properly managed. As many analysts predict, there is no sign of IoT adoption slowing in the workplace, so security needs to be prioritized. Ordr enables organizations to discover and safeguard the universe of connected devices in their environment today.