We invited several leaders from Zscaler to comment on changes they anticipate in the decade ahead. This statement was submitted by Deepen Desai, Zscaler Vice President of Security Research and Operations.
According to Gartner, 20.4 billion IoT devices will be in use worldwide by 2020, and enterprises are adopting a range of IoT products, including printers, video conferencing systems, digital kiosks for signing in visitors, cameras, and handheld scanning devices, along with operational technology (OT) systems such as scientific equipment, diagnostic tools, and industrial control systems. IoT devices represent a huge store of information at the gate of an organization’s network—and they are often found to be vulnerable to attack.
In addition to company-managed devices, we have BYOD. Unfortunately, the use of IoT technology has moved faster than our ability to safeguard these devices and their users. Even now, at the end of 2019, there are no standards. In a report from earlier in the year, Zscaler ThreatLabZ researchers found that more than 90 percent of IoT traffic was being transmitted over plain text channels, making it susceptible to man-in-the-middle attacks. A well-versed 6-year-old could exploit that.
It’s time for people to wake up and demand more from IoT manufacturers. Do you really want a baby monitor that spies on you or a smart TV that listens to your conversations? How about a kids’ watch that exposes their location? For years, the industry has treated security as an afterthought and pushed responsibility on the consumer—basically, use strong passwords and 2FA. I agree we all should use strong personal security, but it’s unfair to consumers who have been “told” to buy the shiny, new object that makes coffee and counts steps, while the manufacturers ignore the fact that its password is hardcoded and widely known to would-be hackers. We must insist on protections for these devices that are comparable to any internet-connected device, such as smartphones or laptops. In 2020, California will start requiring “reasonable security features” in IoT devices. But it’s a baby step.