Written by Sean Ventura, Chief Information Security Officer. This article was originally published on RFID Journal.
The proliferation of the Internet of Things (IoT) technologies continues to transform business operations and processes. The pace at which these devices appear increases at an astounding rate each year: at present, there are 23.14 billion IoT-connected devices online. By 2025, according to Statista, there will be 75.44 billion.
It’s no surprise, then, that today’s manufacturers are more reliant on IoT technology than ever before. And while it is clear that the IoT’s benefits will make the industry more productive and organized by giving deeper access to customer and production data, the IoT’s acceleration also heightens cybersecurity risks. In fact, Symantec’s recent “Internet Security Threat Report” found that IoT attacks increased by 600 percent in 2017. To date, however, we’ve focused much of our energy on making IoT solutions operational, rather than securing them. Because of the transformations and integrations that the IoT will have on manufacturing processes, developing strategies and solutions to secure these devices will be critical.
As a result, it’s important to ensure that you protect your IoT devices, as well as the data you gather and the control systems, with a solution that both provides peace of mind across the supply chain and meets the rigorous standards set by increasing data regulations. Let’s take a look at the greatest threats facing IoT manufacturing and how solutions, such as cloud migration, deliver the security that businesses need to move forward with digital transformation.
Malware Threats for IoT Devices
Perhaps the IoT’s greatest danger to network security is its function as a “door” to your private data. A decade ago, your laptop or desktop computer was the only opportunity for a hacker to break into your network—and even then, the impact on day-to-day operations was minimal.
These days, more manufacturers are adopting IoT-enabled devices to monitor and control critical machinery and gather data that keep operations running smoothly. Every sensor is another door beyond your computers—if you employ 50 sensors in your factory, hackers have 50 opportunities to take control. Because IoT devices are designed with simplicity in mind, it is easier for a malicious user to gain control through one than it is to attempt access through a desktop.
So, what are hackers doing once they unlock your network? Much of the news in the last year has focused on ransomware attempts by which a hacker locks down your systems and demands payment to surrender control. But hackers are moving away from this attention-grabbing tactic.
Instead, they are moving to quieter, more lucrative businesses, such as cryptocurrency (for example, Bitcoin mining). Once they gain access to your systems, they can siphon a small amount of CPU power away and reorient it toward completing equations that unlock cryptocurrency. You’ll notice a slowdown in operations, and you might miss important manufacturing process data, which will affect production schedules or quality controls and, ultimately, the customer experience. Symantec found that this style of attack is increasingly attractive, citing in its security threat report that detections of coin miners on endpoint computers increased by 8,500 percent in 2017.
Cloud Security for the IoT
Although a hacker using your system for cryptocurrency mining will adversely affect your operations, the greater concern is the data the hacker has access to inside your network, which endangers both you and your customer. Fortunately, the cloud can help you mitigate both of these risks.
Rather than allowing your IoT sensors to feed data into an on-premise system—or, even more burdensome, disparate systems—adopting a cloud strategy allows you to store data off-site and on systems protected by providers dedicated to securing your operations. By migrating to the cloud before you install sensors, you’ll create a single point of control, with greater accessibility from day one, and all data—IoT-collected or not—is locked down immediately.
For many companies, this level of security is no longer a luxury. Manufacturers that hold any data from European customers are already responsible for greater data security and accessibility under GDPR. But even U.S. companies that do not operate overseas will need to address their data-storage policies quickly because California will soon implement its own regulations. By connecting your IoT-enabled devices, as well as solutions such as enterprise resource planning (ERP) and point-of-sale (POS) systems, to a single cloud, you will be one step closer to achieving compliance.
Be Innovative, But Be Vigilant
The Internet of Things will soon touch every facet of the supply chain, and we will be better for it: we are entering an era of unprecedented productivity and data accessibility. However, it’s important to ensure that any new devices you bring on to your network are not working against you. By adopting the cloud as a safety net to cushion your IoT devices, you will share in the benefits of the IoT, while reducing risk.
Learn how to bolster IoT security using the cloud with a complimentary InfoSec assessment to identify vulnerabilities and their solutions.