The Connected Enterprise: IoT Security Report 2021

Executive Summary

In 2021, cyberattacks against IoT devices have gotten bigger and bolder—from hacking water treat­ment plants to security cameras and more. For the second year, an IoT security survey from Palo Alto Networks highlights the need for shared responsibility among work-from-home (WFH) employees and IT teams to secure the enterprise.

According to the 2021 survey, 78% of IT decision-makers who have IoT devices connected to their organization’s network reported an increase in non-business IoT devices on corporate networks in the last year. Smart lightbulbs, heart rate monitors, connected gym equipment, coffee machines, game consoles, and even pet feeders are among the list of the strangest devices identified on such networks in this year’s study.

Remote workers need to be aware that IoT devices could be compromised and used to move laterally to access their work devices if they’re both using the same home router, which in turn could allow attackers to move onto corporate systems. Everything using the same Wi-Fi network creates more risk, whether in a living room or at a coffee shop. Enterprise IT teams need to better monitor threats and device access to networks and create a level of segmentation to safeguard remote employees and limit access to the organization’s most valuable assets.

Key Findings

The COVID-19 Pandemic Has Made It Harder to Keep IoT Devices Secure

These findings show that IoT security remains a challenge for organizations, who feel the problem has gotten worse with the rise of working from home. 81% of those who have IoT devices connected to their organization’s network said the shift to remote work during the COVID-19 pandemic led to greater vulnerability from unsecured IoT devices on their organization’s network, and 78% of respondents in the same group admitted to an increased number of IoT security incidents for their organization.

Greater Visibility of IoT Devices Reveals Improvements Needed with IoT Security

Interestingly, when asked if they are confident that they have visibility of the IoT devices connected to their organization’s network, 97% of IT decision-makers responded that they were. However, nearly all (96%) of those who have IoT devices connected to their network also reported their organization’s approach to IoT security requires an improvement, with one in four (25%) indicating the need for an IoT security strategy overhaul. The most required security capabilities are threat protection (59%), risk assessment (55%), IoT device context for security teams (55%), and device visibility and inventory (52%).