A report by Unit 42, a threat intelligence team at Palo Alto Networks, suggests 57 per cent of all internet of things (IoT) devices are susceptible to cybersecurity attacks and things are getting worse.

Researchers also discovered 98 per cent of all IoT devices are unencrypted, exposing personal and confidential data onto adjacent networks.

More than 30 per cent of all network-connected endpoints are IoT devices and a 2019 Gartner report found the adoption of enterprise IoT grew 21.5 per cent from 2018 to 2019 to an estimated 4.8 billion devices.

Unit 42 researchers analysed security incidents spanning 1.2 million IoT devices in thousands of locations across enterprise IT and healthcare organizations in the U.S.

They found that “the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.

“There’s a shift away from attackers’ primary motivation of running botnets to conduct DDoS attacks via IoT devices to malware spreading across the network via worm-like features, enabling attackers to run malicious code to conduct a large variety of new attacks.”

Password-related attacks were also found to be prevalent on IoT devices because of weak manufacturer-set passwords and poor password security practices.

As an example, the report showed 72 per cent of healthcare organizations are combining IoT and IT assets on virtual LAN (logical grouping of devices on the same computer network), enabling infected employee computers to spread malware onto other IoT devices.

To help reduce exposure to IoT threats, Unit 42 recommends organizations take the following precautions:

* Know your risk — discover IoT devices on the network
* Patch printers and other easily patchable devices
* Segment IoT devices across VLANs
* Enable active monitoring
* Think holistically — orchestrate the entire IoT lifecycle
* Expand security to all IoT devices through product integration.