“Hey Alexa, what do you do with my data?”
Smart objects are growing in popularity in both our homes and workplaces, but you may get more than you expect. While they make lives easier and more seamless, smart objects also open us up to a greater risk of cyberattack. In this article, we discuss some of the security threats your internet of things (IoT) network poses and how you can protect your assets.
By using IoT technology, manufacturers can create new ways to streamline production, improve efficiency and tighten quality control. Sensors on different pieces of equipment collect, communicate and analyze data to give plant managers a complete understanding of every aspect of their production process.
A greater amount of data, often more detailed and sensitive, is being shared than ever before, bringing with it many benefits. But this also creates new threats and opportunities for this data to become compromised.
Awareness is growing of the cybersecurity threats posed by IoT and smart objects. In the U.S., the IoT Cybersecurity Improvement Act was recently passed by the House of Representatives. While this focuses on federal devices, it is another sign of the growing demand for greater IoT security.
Legislation and uniform standards to govern IoT may take time, but there are things you can do now to minimize risk?
Taking control of your data
The first step in any cybersecurity plan is to do a full audit of your weaknesses and risks. This is especially important for IoT security, as some devices will be the “set and forget” kind — sensors to monitor temperature or humidity, for example — that you install and don’t need to maintain, but are still a potential infiltration point into your network.
The challenge is that these kinds of devices, and other industrial automation and control systems, are designed for ease of access and connection, rather than for security. They may even have default factory set passwords or be unable to receive security updates.
If possible, it is important to patch IoT devices as soon as a vulnerability is identified, or if no security features are enabled, consider replacing the device.
Once you have a map of your IoT devices, you can use this data to increase protection from cyber threats. Monitoring which devices interact and the movement of traffic between them will make it easier to spot any abnormalities and help you to identify issues more quickly. Furthermore, it will help you to implement network segmentation, which can slow attackers’ movement through the system.
Retrofitting – problem or solution?
Another complication in the process of securing IoT devices in your facility is retrofitting. Replacing legacy infrastructure with new technology can be cost-prohibitive, so many manufacturers choose to retrofit their assets with smart sensors. While this allows you to take advantage of the benefits of IoT at a lower cost, it can also put you at greater risk of attack.
As retrofitting connects legacy assets not designed for IoT connectivity or to withstand modern security threats, it increases the number of points at which attackers could access the plant’s network. With so many more points of communication, older security programs and simple shared-system accounts and passwords are no longer adequate, and a newer, more complex security program needs to be implemented.
Despite all this, with the dramatic increase in cost to implement new technologies — which may well become obsolete soon — retrofitting may still be the better option, if security precautions are taken.
Risk vs. reward
Ultimately, it is up to each business to determine whether the risk of a cybersecurity breach outweighs the benefits of an IoT network. For many businesses, the day-to-day impact of an interconnected plant, and continuous streams of data available to inform business decisions, will take precedence.
But if you are in the process of updating or retrofitting your assets, do so with security in mind. Too often, IoT devices are manufactured without consideration for long-term security. Prioritizing this when choosing new systems or devices will vastly reduce the threat of cyberattack.
For those who have an existing IoT networks, integrate them into your wider cybersecurity strategy. First identify any vulnerabilities, then work to resolve them through changing factory-set passwords, installing patches or updates regularly, and selectively replacing vulnerable devices where cost-effective.
IoT can be an invaluable resource for manufacturers, but there is no need to let this resource become your downfall. By implementing an effective IoT cybersecurity strategy, you can take control of your data without leaving yourself open to cyberattack.