The top unauthorised IoT devices Zscaler observed include digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems.
Analysis of over one billion IoT traffic transactions a month found that 83 percent of these were happening over plain text channels, with just 17 percent using secure SSL channels to transmit data.
Devices using plain text to transfer traffic is risky because it leaves the data open to interception by outsiders, who could use traffic sniffing, eavesdropping, man-in-the-middle attacks and other exploits to gain access to data on the device.
The majority of websites have stopped sending traffic in plain text due to the associated security concerns, but given almost four in five IoT devices still transfer data in this way, it seems there's still a long way to go before this part of the network is secure.
"We have entered a new age of IoT device usage within the enterprise. Employees are exposing enterprises to a large swath of threats by using personal devices, accessing home devices, and monitoring personal entities through corporate networks", said Deepen Desai, vice president of security research at Zscaler.
"As an industry, we need to implement security strategies that safeguard enterprise networks by removing shadow IoT devices from the attack surface while continuously improving detection and prevention of attacks that target these devices", he added.
One way in which IoT devices can be made more secure from outside interference is by users changing the default product password.