At Phosphorus Cybersecurity, we have examined millions of IoT and OT devices in the Enterprise. This includes everything from desktop VoIP phones to BACnet devices such as power distribution and chillers, to cameras, thermostats, door lock controllers, fire control panels, and lots of printers. We find a 90% common corpus of vendors to have been deployed in the Enterprise, and almost all are uncompleted, unmanaged, and insecure.
With our own data, we can positively confirm remarkable statistics of IoT in the enterprise; those of us with grey hair will remember what the Internet looked like in the 1990s, and that is the state of IoT security today. During the presentation we will exam key statistics, such as numbers of CVEs, numbers of CRITICAL CVEs, commonality of default credentials, and the average age and half-life of IoT firmware.