A new report from Unit 42 threat intelligence team of Palo Alto Networks has found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware, as well as older attack techniques that IT teams have long forgotten.
The study noted that although IP phones account for 44% of all enterprise IoT devices, they only have 5% of all security issues. Used across a wide range of industries, IP phones are often designed to be enterprise-grade in both reliability and security, the report said.
Security cameras make up only 5% of enterprise IoT devices, but they account for 33% of all security issues, the study said. “This is because many cameras are designed to be consumer-grade, focusing on simplicity of use and deployment over security,” it added.
The report also revealed that printers account for 18% of IoT devices and 24% of security issues. “They have inherently less built-in security, and vulnerabilities in browser interfaces often make them ideal targets as entry points for launching cyberattacks,” it said.
Most medical devices are also vulnerable to attacks because they have outdated operating systems due to their long lifecycles, according to the report.
“Medical IoT devices are among the worst offenders of running outdated and, in many cases, end-of-life operating systems. These devices are neither maintained by IT nor supported by the operating system vendors. Security function missing in the organization Biomedical engineers who maintain medical devices often lack training and resources to follow IT security best practices to employ password rules, store passwords securely, and maintain up-to-date patch levels on devices,” it noted.