A WEEK IN IoT — Hosting a lively webinar debate yesterday on transitioning to LTE-M with Aeris and IoT Analytics, I couldn’t help noticing how often the audience asked questions on how to secure the Internet of Things. Several questioners acknowledged that signal jammers and radio scanning of IoT connections are now regularly ‘a thing’.
By Jeremy Cowan, editorial director, IoT Now & www.IoTGlobalNetwork.com
Maybe it shouldn’t be a surprise. A survey by Netherlands-based Irdeto published recently revealed that 79% of manufacturing and production organisations have experienced an IoT-focused cyberattack in the past year. Of 220 security decision-makers surveyed in the Internet of Things (700 respondents in total across healthcare, transport and manufacturing), nearly half of these organisations (47%) experienced operational downtime as a result of experiencing a cyberattack.
A survey shows that 79% of manufacturing and production organisations have experienced an IoT-focused cyberattack in the past year
The Irdeto Global Connected Industries Cybersecurity Survey of 220 security decision makers in organisations in this sector (700 respondents in total) found that of the organisations that were hit by an attack, operational downtime (47%), compromised customer data (35%) and compromised end-user safety (33%) were the most common impacts. These findings clearly point to a direct bearing on revenue as well as health safety challenges presented by unsecured IoT devices.
It seems these organisations are aware of where the key cybersecurity vulnerabilities exist with their infrastructure. Prominent vulnerabilities within manufacturing and production businesses were in mobile devices and apps (46%). This was followed by the IT network (41%) and the organisation’s software (40%). As Irdeto says, if respondents are referring to the operations technology (OT) equipment software running the factory floor, that “could be hugely problematic”.
Awareness is not enough
Despite this awareness, 92% of respondents feel their organisation does not have everything it needs to address cybersecurity challenges. In all, 44% state that their company needs to implement a more robust security strategy.
This is followed by a need for additional expertise/skills to address all aspects of cybersecurity (42%) and a need for more effective cybersecurity tools (37%) within the organisation.
That’s before we start on device security …
These are just the weaknesses in the first link in IoT’s chain. What about when IoT devices are deployed? In the survey, 91% of manufacturers and 96% of users of IoT devices state that the cybersecurity of their IoT devices could be improved.
I’ve spoken before about the reputational damage to the Internet of Things that is surely coming if our industry fails to address these challenges. (See: Failing at the first hurdle: How IoT security risks derailing robotics before it ever goes mainstream) On this occasion, let’s just look at the average financial impact. According to the survey, the average cost to a manufacturing business of an IoT-focused cyberattack is shown to be more than US$280,000.
As Mark Hearn, director of IoT Security and Business Development at Irdeto says, there is an awareness of the cybersecurity challenges and impacts within the industry, but potentially a need to rethink strategies to mitigate the impact of potential cyberattacks. “Whatever the nature of the threat, industrial and manufacturing organisations must understand the scope of their current risk, ask hard cybersecurity-centric questions to vendors, and work with trusted advisors to safely embrace connectivity in their manufacturing process.”
Let’s end on a positive note; 99% of the manufacturing organisations surveyed agree that a security solution should be an enabler of new business models, not just a cost. This suggests that attitudes towards IoT security are changing for the better.
You can bet that IoT Now will be coming back to this subject regularly. In the meantime, let me know (@jcIoTnow) which aspects of IoT security concern you most.
Click here to download the full report:
Methodology: ‘The Irdeto Global Connected Industries Cybersecurity Survey’ polled 700 security decision-makers across healthcare, transport and manufacturing, plus IT and technology (who manufacture IoT devices) industries. The research was fielded online by Vanson Bourne from March – April 2019 in China, Germany, Japan, UK and US.
The author is Jeremy Cowan, editorial director, IoT Now & www.IoTGlobalNetwork.com