The Internet of Things (IoT) is a ubiquitous technology: watches, home appliances, environmental sensors, health devices, industrial equipment, vehicles and many other things. It is revolutionizing our daily lives by connecting smart devices and improving our convenience and efficiency. Connected objects are prominent in our personal lives (IoT Analytics estimated the number of active connected objects in the world at 14.4 billion in 2022), and they are very difficult for companies to manage. This increased connectivity also exposes our data and infrastructure to potential cyberattacks. In the face of these threats, it is essential to put cyber resilience measures in place to protect users, businesses, and critical systems.
The Internet of Things, a security issue
Many industries have deployed the Internet of Things without thinking about the threat this integration brings. However, the danger is real. The Internet of Things is exposed to various risks, including DDoS attacks, which disrupt the functioning of devices and networks. Vulnerabilities in connected devices can also be exploited by cybercriminals to spy, to steal sensitive data, or even to take control of devices to perform malicious actions.
Take, for example, a train station where IoT technology is used to manage the display of train departures and arrivals. It’s easy to imagine the general panic if a hacker were to alter the schedules and routes shown on the display boards at the last minute.
The cyber risks associated with the Internet of Things become far more serious when you consider that it is used to automate certain protocols in nuclear power plants. It would be enough for a cybercriminal to break in via a poorly protected connected object, such as a security camera or printer, to corrupt the system. The consequences can be dire, especially if no one is on site to observe or no monitoring device is deployed to raise the alert.
Another case, more hypothetical but focused on risks to human safety, is that of a hospital: cyber attackers could exploit a vulnerability in an IoT-connected system that monitors patients’ vital signs. By gaining access to this system, attackers can manipulate data, cause false alerts or hide real emergencies. Or worse, a hacker could exploit a flaw in a hospital’s IoT system for automated medication delivery. With access to this system, attackers can change the doses or types of medications that are given to patients, putting their lives at risk and causing potentially catastrophic consequences for the hospital and its patients.
Of course, the more you use the Internet of Things, the greater the number of potential security breaches. Prevention is therefore a real issue, and it needs to be built in from the moment IoT devices are selected within the company. In fact, the expanded exposure to cyber risks can hinder the deployment of this technology, as IT managers do not want to put their ecosystem at risk, especially since there is a huge gap in the skills that IT and operational technology teams need to manage this technology properly. However, the Internet of Things is essential to the digital transformation of businesses. Since no organization can escape it, everyone should consider “cyber resilience”.
Securing the Internet of Things and making it resilient is therefore essential for several reasons. First, it protects users’ privacy by preventing their personal information from being disclosed. Second, it prevents financial losses for businesses, which may result from cyber-attacks or loss of consumer confidence. Finally, it ensures the proper functioning of critical devices and infrastructures, such as health, transportation or energy systems, which increasingly rely on connectivity to carry out their mission.
The Internet of Things can only be deployed with cyber resilience taken into account
In December 2022, 86% of French companies indicated that they had started an IoT initiative*. However, although the deployment of IoT components is generally welcomed as a spur to innovation and corporate competitiveness, its current, often opportunistic, implementation presents several security vulnerabilities.
In March 2021, an American company specializing in cloud-based video surveillance systems suffered a data breach when a group of hackers gained access to live video feeds and recordings from thousands of surveillance cameras owned by businesses, hospitals, schools and other organizations. This attack raised concerns about the security and privacy of IoT systems.
Therefore, securing the ecosystem in which the Internet of Things will be implemented must be planned from the very beginning of the project. An IoT deployment has multiple security objectives, including at a minimum:
- Continuously manage the security posture without detracting from information systems compliance;
- Implement a robust security architecture to reduce cyber risks;
- Detect and mitigate threats before they affect operations.
In fact, if the IoT component is compromised, so are the entire system and its ecosystem. This is where the concept of resilience comes in: the question is no longer “will we be attacked”, but “how do we behave when we are attacked”. Therefore, we must think about operational resilience objectives by:
- Improving asset management with a real-time inventory of IoT assets;
- Reducing disruptive events due to known operational risks;
- Enhancing the change management process to ensure the security, safety and resilience of operations supported by this technology.
Among best practices, it is advisable to regularly test the resilience of IoT assets to ensure continuity of services. Anticipation is the key word. You should also commit, over the long term, to monitoring and managing the various security tools so that they are constantly updated and flawless. Finally, data must be analyzed continuously and in real time to ensure that it is consistent and that the IoT component is not compromised.
To facilitate the implementation of IoT within companies, new standards are being developed and approved. We can especially cite the Zero Trust framework, which puts an end to the concept of implicit trust by introducing a paradigm shift: “trust only after verification”. Under this security policy, no person or device inside or outside the corporate network should access certain computer systems or workloads, except when expressly needed and after strict and systematic verification of access. There is no single answer: each company should be able to define its own algorithms and policies for securing access. Organizations must communicate best practices internally, identify risks, and eliminate common vulnerabilities to reduce their exposure to cyber risks.
It is important to remember and stress that IoT security awareness is critical to combating cyber risks. Educating users, developers, and infrastructure managers strengthens security practices, reduces vulnerabilities, and prevents cyber-attacks, contributing to a safer IoT environment.
Cyber resilience is not a hindrance but a powerful tool for adopting this technology
If a company wants to deploy an IoT solution, it will do so no matter what. However, the risks incurred after publication can be a barrier to wider adoption. Increases in IoT budgets are envisaged in the next two years for 48% of companies*, and this increase would be particularly well invested in securing ecosystems.
Whether as individuals or as professionals, everyone now depends on the Internet of Things. During an outage, user frustration can do more than just damage a brand’s image; it can also have a significant financial cost. It is imperative that the IoT component be resilient to ensure a minimum level of service in the event of a failure. Flexibility must therefore be established as a natural extension of the Internet of Things, one that goes hand in hand with reliability.
In conclusion, securing the Internet of Things and cyber resilience are essential to ensuring that users, businesses, and critical infrastructures are protected. It is critical that manufacturers, developers, and users work together to enhance the security of connected objects. Human capital plays a major role in this process, as user awareness and training contribute significantly to cyber resilience. Government initiatives and regulations should also be encouraged to ensure high safety standards. By taking a holistic approach to IoT cyber resilience, we can fully reap the benefits of this technology while minimizing the risks associated with it, thus building a secure and trusted digital future.
*IDC study for Kyndryl, December 2022.
Tribune by Nyamky Akable, Security and Resilience Growth Leader, Kyndryl France