In addition to a lack of protection solutions, there is also a lack of knowledge within companies on how to deal with IoT security in the first place. (Picture: Pixabay)

Kasperky’s survey of European firms shows that more than half of the companies that deploy IoT solutions fail to protect them comprehensively, at 48 percent. This alarming statistic raises concerns about the risks of cybersecurity breaches and data misuse.

That it is imperative to protect these devices, is clearly highlighted by an analysis by Gartner. According to this analysis, one in five companies has experienced cyber attacks on IoT devices in the corporate network in the past three years. The primary cause for these vicious attacks and security lapses is, the IoT market’s complicated structure, wherein a plethora of devices and systems compete. It proves a Herculean task to cover each and every device with up-to-date security solutions.

Also posing a challenge to implementing protection solutions, is the general lack of knowledge within a particular company, on how to deal with IoT security, as shown by the Kaspersky data interpretation. According to the Russian multinational cybersecurity and antivirus provider’s latest survey, more than one in three (39 percent) companies in Europe feel overwhelmed when it comes to selecting suitable solutions, while 40 percent also fear performance disadvantages when using security solutions. Furthermore, 37 percent are afraid of high costs and 32 percent believe that they cannot justify such investments to the company management. Every third company (31 percent) also complains about the lack of in-house IoT security experts.

“IT errors can be annoying and expensive, but IoT errors can have fatal consequences.”

Stephen Mellor, Chief Technology Officer of Industry IoT Consortium.

Industry experts call to action for IoT security

Several voices from the industry have expressed their disquietude regarding the security crisis and have appealed to the companies to take immediate action. “Cybersecurity is central to the IoT,” said Stephen Mellor, chief technology officer at the Industry IoT Consortium. “Risk management is an important concern because life, limb, and the environment are at stake. IT errors can be annoying and expensive, but IoT errors can have fatal consequences. Cybersecurity is only one stage on the way to a reliable system. Physical security, data protection, resilience, reliability, and operational security must also be considered. In addition, all of this has to be coordinated. Although electronic locks ensure more building security, locked doors can also become a trap when a building needs to be evacuated quickly,” concluded Mellor with his example.

Eric-Kao, Director of  WISE-Edge+ at Advantech, a global provider of industrial IoT security solutions, added: “IoT projects by their nature are highly fragmented, loosely coupled, domain-specific, and difficult to integrate. In comparison, around 80 percent of IT projects – for example, in the area of ​​messaging/communication, analytics, or CRM – have common requirements. When implementing IoT, on the other hand, we deal with all kinds of legacy systems, physical restrictions, domain protocols, or solutions from different manufacturers. In addition, availability, scalability, and security must be in balance. For a plus in availability and scalability, specific cloud infrastructure is required, and thus an opening of the system.”.

Bringing on an optimistic fervour to the rather grim, but crucial topic, Andrey Suvorov, CEO of Adaptive Production Technology (Aprotech, a Kaspersky subsidiary for IIoT solutions) said: “Despite all these challenges, the Internet of Things offers fantastic opportunities; not just for companies, but for all of us. Just think of living comfort, transportation, or fast delivery and communication.”. He further added: “IoT is already firmly anchored worldwide in smart cities (62 percent), retail (62 percent), and industry (60 percent). These include energy and water supply projects, intelligent lighting, alarm systems, and video surveillance. Experts all over the world are working on their effective protection. Nevertheless, such efforts are necessary at all levels – ranging from the system manufacturers and software developers to the service providers and companies.”

Kaspersky’s recommendations for stronger IoT security

Kaspersky’s closing words in its press report were some combative tips for companies to ensure, so their companies wouldn’t fall prey to the sharpened fangs of cyber-attackers.

  • When selecting IoT devices, pay attention to their security properties. They should have cyber security certifications and come from manufacturers that put particular emphasis on information security.
  • Leverage strict access rules, network segmentation, and zero-trust models. This minimizes the spread of damage in the event of an attack, and the most sensitive parts of the infrastructure remain protected.
  • The most important data on weak points in PLCs, equipment and firmware are regularly recorded via vulnerability management and can be circumvented using appropriate protective measures.
  • The “IoT Security Maturity Model” is a method that guides companies through all the steps and levels required for adequate IoT security.