IoT devices generate and share important data yet the World Economic Forum’s ‘State of the Connected World’ 2023 report identified cybersecurity as the “second-largest perceived governance gap”. Addressing gaps, and taking a comprehensive approach to IoT security overall, must be a number one priority for all companies involved in designing and implementing IoT solutions. To help, Wireless Logic introduced the Security Framework, a model for systematically securing IoT solutions end-to-end.
What are the security risks to the IoT?
IoT devices communicate with servers and present credentials that must be validated. They share often sensitive data and run applications which must be secure. Without adequate defence they can be vulnerable to malware, ransomware, man-in-the-middle (MiTM) and other attacks.
It is clear, therefore, that IoT solutions must be secured end-to-end because a cyberattack will target any weak link in the chain. IoT deployments are often extensive, meaning they present a large attack surface. If there is a way in, which could just as well be through staff inadequately trained on phishing as through device software vulnerabilities, a cyberattack can find it.
For this reason, security must start, but not end, with design. A holistic approach to solution design anticipates its future ability to defend, detect and react to incidents over the life of devices. However, robust security is end-to-end – it must look at processes and people, including those of suppliers, as well as devices.
How many IoT cyberattacks are there?
According to a report by SonicWall, there were 57 million IoT malware attacks in the first half of 2022, an increase of 77%. Despite this, Kaspersky reports that 43% of businesses don’t fully protect their IoT solutions. Over a third (35%) refer to a lack of staff or specific IoT security expertise while 40% cite difficulty in finding a suitable solution.
This is deeply troubling because malware or ransomware attacks, data breaches and any other type of cyberattack can cause damage on many levels. There is the cost of stopping the attack, of putting the issue right and the losses from recovery and down time. There may be fines, if there has been a compliance failing, then there is the often immeasurable impact of reputational and brand damage.
Device recalls can cost millions and security vulnerabilities can be a contributing risk factor. Meanwhile, IBM put the average cost of a ransomware attack at $4.5 million in its Cost of a Data Breach Report 2022.
IoT security needs
Clearly, not securing IoT deployments carries enormous risk. To mitigate this, security must be comprehensive and operate end to end, starting with the SIM which is the root of trust used to authenticate devices.
Beyond that, mechanisms for securing two-way communication and data include secure private access point names (APNs), encrypted virtual private networks and fixed private IPs.
It’s important not to neglect people and processes, not just your own but those of your suppliers too. They are critical to your company’s data security.
In fact, security must take a ‘root and branch’ approach, it isn’t achieved through a series of standalone technology features. It should begin with an assessment of the business’ capacity for risk, based on a number of considerations including data sensitivity.
Once that is understood, a strategic approach to a solution’s security starts with defending its assets and data, moves on to being able to detect anything anomalous when the solution is deployed, and then covers having the capability to react in the face of a security incident.
IoT security in 360 degrees: Wireless Logic’s Security Framework
Wireless Logic’s Security Framework provides a model to assess your IoT security against. It covers a range of technology capabilities, standards and best practices so you can strengthen your deployment’s identity and authentication policies and defend, detect and react to cyber threats.
To defend, you must manage the cyberattack surface to prevent unauthorised device, cloud infrastructure or data access. Security in this space encompasses IoT SAFE (a SIM standard to authenticate and authorise IoT devices to mobile networks), cloud authentication, software updates, encrypted communications and secure APNs.
To detect, you must monitor devices and networks to spot anything that is unusual. For this, you need usage-based insights and detailed analysis. Detection could be, for example, a change in target URLs or data usage.
Despite all defences and detection capabilities, it is still necessary to be prepared to react swiftly and precisely in the event of any security breach. Automated countermeasures can isolate a security threat, such as that posed by a compromised device, and initiate remedial action by, for example, forcing a software update or taking the device out of service altogether.
IoT companies must prioritise security to defend, detect and react in the face of cyber threats. Find out how Wireless Logic can help through the Security Framework
