Zscaler Blog
Mobile, IoT, and OT Threats: 5 Key Takeaways for Healthcare, Government, and Education
The rapid integration of mobile, internet of things (IoT), and operational technology (OT) devices into enterprise networks is playing a large part in reshaping the cyber threat landscape, especially in our most critical sectors.
With 96.5% of people accessing the internet through mobile devices and 59% of internet traffic originating from these devices, the attack surface has expanded dramatically. The proliferation of IoT devices and OT systems—many of which are unmanaged (“shadow”) or legacy—adds to the complexity, introducing new vulnerabilities. As these devices connect directly to core enterprise IT infrastructure, they create more opportunities for cybercriminals to exploit gaps in security. This is a pressing concern for sectors like healthcare, public sector, and education, where protecting sensitive data and maintaining essential services is paramount.
5 key takeaways
To shed light on this burgeoning threat landscape, the Zscaler ThreatLabz research team conducted a detailed analysis of mobile and IoT/OT attack trends from June 2023 to May 2024. The following five takeaways are particularly important for healthcare, education, and government organizations as mobile devices, IoT, and OT grow more integral to their critical functions. For complete analysis, insights, and security guidance, download the Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report.
1. Mobile threats are increasingly targeting the education sector
The education sector has emerged as the second-most targeted industry for mobile threats, accounting for 18.5% of all mobile malware attacks blocked by the Zscaler cloud—a significant 136% year-over-year rise in attacks (blocked mobile transactions) in a year that saw overall mobile attacks decline. As schools grow reliant on mobile and IoT devices for everything from communication to administrative tasks, their attack surface expands. The widespread adoption of bring your own device (BYOD) policies further exacerbates security challenges by introducing unmanaged devices into school networks, each serving as a potential entry point for attackers. With large amounts of personal data from a diverse user base, open networks, and a lack of security measures for non-employee and shadow devices, it’s clear why educational institutions have become particularly attractive and vulnerable targets for attackers.
2. IoT threats are adding to security challenges in the public sector
IoT devices are playing an increasingly vital role in government operations, but their growing prevalence also introduces new security challenges. The government sector ranks ninth in the number of unique IoT devices identified in the Zscaler cloud, reflecting the scale and diversity of connected devices within public systems. Accordingly, ThreatLabz found that the overall volume of IoT malware attacks has increased by 45% over the past year. The more IoT devices embedded in government infrastructure, the greater the risk of security breaches, making it critical for the public sector to prioritize IoT/OT security measures.
3. Increased IoT adoption in education is expanding the attack surface
The escalating use of IoT devices in educational environments has undoubtedly broadened the attack surface, as evidenced by a 104.8% year-over-year increase in IoT malware attacks targeting the education sector. This surge aligns with the expanding role of connected devices in education: the sector has the fifth-highest number of unique IoT devices identified in the Zscaler cloud. As schools adopt more devices for classroom management, administrative tasks, and facility operations, their security measures are struggling to keep up with the pace of change, putting sensitive student and institutional data at greater risk.
4. Growing OT threats are putting healthcare’s critical infrastructure at higher risk
Healthcare organizations face distinct challenges when it comes to OT threats, as medical systems rely on critical connected devices. IoT malware attacks are up over the past year, and the OT environment remains highly vulnerable. ThreatLabz surveyed large-scale OT environments in the healthcare and manufacturing industries to assess their internal attack surface and identify key risks. One concerning finding is that many OT environments still rely on outdated legacy Windows systems, which are rife with vulnerabilities. Compounding the issue, in a ThreatLabz analysis of large-scale deployments most physical sites were managing more than 500 unique OT devices, which creates a significant security risk: if even one device is compromised, the remaining 499 become vulnerable to infection. What’s more, an analysis of a healthcare-specific OT environment revealed a nearly equal split between internal (east-west) and external (internet-facing) network traffic, highlighting the growing complexity of modern healthcare environments. Any breach can have far-reaching consequences for patient care and safety, emphasizing the urgent need for stronger security measures in healthcare’s OT landscape.
5. Zero trust segmentation is necessary for critical sector security
Securing real-world critical infrastructure networks, including healthcare, manufacturing, and government facilities, has always been a challenge. These environments are filled with unprotected identities and IoT/OT endpoints that typically cannot support traditional security agents, making them more vulnerable to cyberattacks. The threat extends beyond initial breaches. Attackers exploit weaknesses to move laterally across connected IT and OT networks, embedding ransomware and other malicious payloads along the way. To this end, government agencies such as the FBI and CISA have issued guidance urging organizations to segment their networks to prevent lateral movement. However, given the inherent complexity of IoT/OT systems, a key part of this defense strategy is to shift from traditional segmentation measures to a zero trust model for segmentation in order to properly secure internet-connected devices.
Zero trust connectivity for IoT/OT and mobile security
As cyberattacks on our most critical sectors evolve in sophistication, organizations in healthcare, public sector, and education are notably vulnerable to IoT/OT threats and mobile malware. Threat actors are increasingly targeting OT systems and critical infrastructure, while IoT malware attacks continue to rise at an alarming rate. To safeguard these devices and systems from exploitation, lateral movement, and advanced attacks, organizations must adopt an AI-powered zero trust approach to security, including:
- Discover, classify, and inventory IoT and OT assets: Gain full visibility into your IoT and OT attack surface as a critical first step; this includes discovering, classifying, and inventorying both managed and unmanaged or “shadow” devices. A holistic view of the attack surface helps prioritize defense efforts, identify key vulnerabilities, and develop a proactive approach to securing these assets.
- Enable zero trust access connectivity: Leverage a robust zero trust access solution that integrates identity management and endpoint security. This solution should enable adaptive access decisions based on the real-time security and posture of user devices, risk factors, and device telemetry, ensuring secure direct connectivity between endpoints and applications—never to the underlying network.
- Enforce zero trust device segmentation: Apply least-privileged access controls for device-to-application, user-to-application, and application-to-application segmentation. This granular level of segmentation eliminates lateral movement, minimizes data exposure, and strengthens your overall security posture by reducing the potential for a single compromised device to jeopardize the entire network.
- Maintain consistent zero trust security policies: Ensure that zero trust access policies are consistently enforced across all environments, whether users are at headquarters, at branch locations, or accessing applications remotely.
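To make the segmentation argument from takeaway 5 and the four recommendations above concrete, here is an added example (not Zscaler code and not a Zscaler product API) that models the two steps a defender can script: classifying a discovered device inventory into managed, shadow and legacy-OS groups so remediation can be prioritized, and evaluating device-to-application flows against a least-privilege policy that never grants device-to-device or network-level reach. The device records, application names, OS prefixes and flows are constructed sample data chosen to resemble a healthcare OT network; the policy table is an assumption for illustration.

```python
"""Inventory classification and least-privilege segmentation check (added example).

All devices, applications and flows below are constructed sample data; the policy
table ALLOWED_APPS is a hypothetical allowlist, not a vendor default.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    device_id: str
    kind: str       # functional class assigned by discovery, e.g. "infusion-pump"
    os: str         # OS fingerprint reported by discovery
    managed: bool   # True if enrolled in endpoint management, False if "shadow"


# Constructed inventory: what discovery might find on a hospital floor network.
INVENTORY = [
    Device("pump-01", "infusion-pump", "Windows 7 Embedded", False),
    Device("plc-hvac-01", "hvac-plc", "VxWorks 6.9", False),
    Device("ws-radiology-01", "workstation", "Windows 10", True),
    Device("tablet-nurse-07", "tablet", "iOS 17", True),
    Device("cam-lobby-03", "ip-camera", "Linux 2.6 (busybox)", False),
]

# OS fingerprints treated as legacy for prioritization (constructed list).
LEGACY_OS_PREFIXES = ("Windows XP", "Windows 7", "Windows Server 2008", "Linux 2.")


def classify(inventory):
    """Split the inventory into shadow (unmanaged) and legacy-OS device ids."""
    shadow = [d.device_id for d in inventory if not d.managed]
    legacy = [d.device_id for d in inventory if d.os.startswith(LEGACY_OS_PREFIXES)]
    return shadow, legacy


def highest_priority(inventory):
    """Devices that are both unmanaged and on a legacy OS: first in line for isolation."""
    shadow, legacy = classify(inventory)
    return sorted(set(shadow) & set(legacy))


# Hypothetical least-privilege policy: each device kind may reach only the named
# applications. There is deliberately no rule that grants reach to another device
# or to a whole subnet, so lateral movement has nothing to match.
ALLOWED_APPS = {
    "infusion-pump": {"pump-telemetry-collector"},
    "hvac-plc": {"bms-historian"},
    "workstation": {"pacs", "ehr"},
    "tablet": {"ehr"},
    "ip-camera": {"vms-recorder"},
}


@dataclass(frozen=True)
class Flow:
    src_device: str
    dst: str            # application name, or a device id when dst_is_app is False
    dst_is_app: bool


def find_device(inventory, device_id) -> Optional[Device]:
    return next((d for d in inventory if d.device_id == device_id), None)


def evaluate(flow, inventory):
    """Return ("allow"|"deny", reason) for one connection attempt."""
    device = find_device(inventory, flow.src_device)
    if device is None:
        # Unknown source: discovery never saw it, so it gets no grants at all.
        return "deny", "source not in inventory"
    if not flow.dst_is_app:
        # Device-to-device traffic is the path lateral movement takes; never allowed.
        return "deny", "device-to-device flow blocked"
    if flow.dst in ALLOWED_APPS.get(device.kind, set()):
        return "allow", f"{device.kind} may reach {flow.dst}"
    return "deny", f"{device.kind} has no grant for {flow.dst}"


def audit(flows, inventory):
    """Count allowed and denied flows, the figures a segmentation rollout reports."""
    decisions = [evaluate(f, inventory)[0] for f in flows]
    return decisions.count("allow"), decisions.count("deny")


if __name__ == "__main__":
    print("shadow, legacy:", classify(INVENTORY))
    print("isolate first:", highest_priority(INVENTORY))
    sample = [
        Flow("pump-01", "pump-telemetry-collector", True),
        Flow("pump-01", "ws-radiology-01", False),
        Flow("cam-lobby-03", "ehr", True),
        Flow("rogue-99", "ehr", True),
    ]
    for f in sample:
        print(f.src_device, "->", f.dst, evaluate(f, INVENTORY))
    print("allowed, denied:", audit(sample, INVENTORY))
```

Two design choices carry the zero trust point: the policy is keyed on device kind and application name rather than on IP ranges, so a compromised pump cannot reach a radiology workstation even though both sit on the same floor network, and a device absent from the inventory is denied everything, which is why the discovery step has to come first.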
Conclusion
Zscaler for IoT and OT, powered by the Zscaler Zero Trust Exchange, delivers AI-powered IoT device discovery, classification, and visibility; segmentation and deception to prevent lateral movement; and secure remote access to OT systems without the need for VPNs. Zscaler Client Connector securely connects users directly to applications from any device—laptops, smartphones, and tablets—and enables zero trust policies to follow users regardless of device, location, or application accessed.
Download the Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report today for more actionable guidance, insights, and real-world case studies to help protect your organization’s mobile endpoints, IoT devices, and OT systems.