Securing the Industry of Things

Can you imagine the chaos if your connected freezer unexpectedly turned off, or your IoT controlled heating malfunctioned making it sweltering hot? Disaster for one person, let alone a business where thousands of connected devices form the foundation of its core revenue stream.

With Gartner predicting that the number of IoT devices expected to exceed 20.4 billion by 2020, it has never been more important to have the security protocols in place to protect against increasingly prevalent cyberthreats that can take them down. 

The various IoT sensors built into the manufacturing chain – including temperature controls, sensors to track output, or remote-control devices – provide the industry with a tremendous amount of critical data. However, with the explosive growth of IoT we have also seen a rise in cyber-attacks against these devices to increasingly detrimental impact.

Increasingly, IoT devices – and by extension manufacturers – are becoming targets for hackers. From the Dyn Domain Name System breach in 2016 that took down the likes of Amazon, Facebook, Twitter, and Spotify, to the German Federal Network Agency advising parents in 2017 to destroy the Cayla doll because of its vulnerability to cybercriminals, attacks on IoT devices and the discovery of new threats associated with them are only going to increase in frequency.

It is therefore no longer acceptable for businesses to bury their heads in the sand. They need to protect their devices, protect their customers and, fundamentally, put measures in place to protect their brand before it’s too late.

An attractive target for hackers

The growth of IoT has been mirrored by the rising sophistication of cyber threats across all industries. Owing to their highly connected nature, attacks on IoT devices could disrupt infrastructure, steal credentials, inject malware into systems, or bring down unprotected networks.

The sheer volume of devices connected to the web makes it easy for attackers to identify and exploit access points within an IoT network. Hacks on networks in smart factories could disrupt or interrupt production processes: for example, manipulating the cold chain by increasing the storage temperature in order to halt production and cause potentially unrecoverable financial damage.

Struggling to secure

The protection of data is paramount for any business. Despite this, businesses are struggling to keep on top of vulnerabilities, with Forrester revealing that over half of tech security leaders do not have sufficient tools in place to enforce IoT security policies. Battling with the specifics of each individual device, it is incredibly difficult to create one-size-fits-all security scanning tools.

For large institutions and industrial environments, many of whom are striving to prioritise PC and server patching, finding and cataloguing IoT devices and applying updates quickly is a near impossible task leaving businesses vulnerable.

Building trust in IoT

Fuelled by high profile breaches and the weight of protecting huge data packets, trust in IoT is dwindling for both businesses and consumers, with 96% of businesses and 90% of consumers believing that there should be IoT security regulations. In response, the government earlier this year announced new measures to boost cybersecurity in millions of internet-connected devices.

The new rulings stipulate that smart IoT devices will be expected to build-in security measures that last the lifetime of the product. Developed in conjunction with the National Cyber Security Centre, manufacturers and retailers, the Secure by Design review specifies that security must be embedded in the design process rather than a bolt-on or an afterthought.

Coupled with GDPR, this regulation recognises and demands that cybersecurity takes centre stage as businesses and consumers understand the critical impact that a breach can have. But, the question remains, is this enough?

Insider threat

As manufacturers struggle with the complexities of securing the IoT from outside threats, they are forgetting that human behaviour is still the biggest threat to a company’s security, with 55% of all cyber-attacks found to be carried out by ‘malicious’ or ‘accidental’ insiders.

Businesses can spend substantial sums on the latest cybersecurity technology designed to identify and mitigate threats when they emerge, but they will always be at significant risk if they do not find ways to independently account for the unpredictability of human behaviour.

As such, it is vital that manufacturers understand where their data is, who is accessing it, and can identify changes in behaviour in order to mitigate the risk accordingly. By understanding the human point, manufacturers can adapt their security postures to fight against increasingly prevalent threats, creating an environment with security at its core and ensuring that trust in IoT is built-in. 

Securing the industrial internet of things

There is no denying that IoT has an important role in the future of the manufacturing sector. We are already seeing businesses reap the benefits with advances in distribution, the streamlining of processes and the enhancing of customer experience.

However, if this growth is going to continue, it is important that manufacturers get their security solutions in order.

By understanding the value of the data that is flowing through the network, manufacturers can protect their fragmented systems and ensure that they can identify and mitigate risk, regardless of where it sits on the network. In doing so, the Industrial Internet of Things will continue to thrive and create a new frontier for innovation, safe in the knowledge that their data, employees and brand are safe.

By Luke Somerville, Head of Special Investigations at Forcepoint.