The majority of Internet of Things (IoT) transactions don’t use even basic security, and there is a great deal of unauthorized IoT taking place inside the perimeter of enterprise firewalls thanks to shadow IT, a new study finds.

Security vendor Zscaler analyzed nearly 500 million IoT transactions from more than 2,000 organizations over a two-week period. The survey found 553 different IoT devices from more than 200 different manufacturers, many of which had their security turned off.

The study was done on Zscaler’s own Internet Access security service. It found the rate of IoT growth to be explosive: When it first started monitoring IoT traffic in May 2019, IoT traffic generated by its enterprise customer base was 56 million IoT transactions per month. By February 2020, that number had soared to 33 million transactions per day, or one billion IoT transactions per month, a 1,500% increase.

Zscaler is a bit generous in what it defines as enterprise IoT devices, from devices such as data-collection terminals, digital signage media players, industrial control devices, medical devices, to decidedly non-business devices like digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches and even automotive multimedia systems.

“What this tells us is that employees inside the office might be checking their nanny cam over the corporate network. Or using their Apple Watch to look at email. Or working from home, connected to the enterprise network, and periodically checking the home security system or accessing media devices,” the company said in its report.

Which is typical, to be honest, and let (s)he who is without sin cast the first stone in that regard. What’s troubling is that roughly 83% of IoT-based transactions are happening over plaintext channels, while only 17% are using SSL. The use of plaintext is risky, opening traffic to packet sniffing, eavesdropping, man-in-the-middle attacks and other exploits.

And there are a lot of exploits. Zscaler said it detects about 14,000 IoT-based malware exploits per month, a seven-fold increase over the previous year.

“Folks can keep their smart watches, smart closets, and whatever else they think is making them smart. Banning devices is not going to be the answer here. The answer is changing up the narrative on how we think about IoT devices from a security and risk standpoint, and what expectations we put on manufacturers to increase the security posture of these devices,” wrote Deepen Desai, Zscaler’s vice president of security research in a blog post.

Desai said the solution is “taking a zero-trust mentality.” It may be a buzzword but, “it’s about security people not trusting any person or device to touch the network—that is, until you know who the user is, what the device is, and whether that user and device are allowed to access the applications they’re trying to reach.”

Naturally Zscaler sells such a solution, but he makes a valid point. This is an ages-old problem I have seen time and again; a hot new technology comes along, everyone rushes to embrace it, then they think about securing it later. IoT is no different.

Whatever your device, at least go into the settings and turn on SSL.