IoT Security Developments


A New Decade Brings New Risks and Solutions


Cyber-attacks are no longer a question of if, but of how and when.

The use of connected IoT devices will accelerate dramatically with the rollout of 5G networks, massively increasing networks’ vulnerability to large-scale, multi-vector 5th generation cyber-attacks. IoT devices and their network and cloud connections are still a weak link in security. There is therefore a growing need for IoT security that combines legacy and innovative controls to protect these ever-growing networks across all industry and business sectors.

Industries, as well as consumers, will see great advances in devices in the coming year. With the latest available technologies will come more intuitive and user-friendly IoT devices.

With the availability of more options, more data becomes at risk. Strategies will need to emerge to protect businesses’ connected devices. The following are emerging trends, developments and concerns:

Managed Security Services

An increasing number of companies are turning to outsourced managed security services. Although this shift is expected to accelerate in 2020, the complexity of the cyber-security market leaves some firms reluctant to embrace outsourcing completely, and they are instead taking a hybrid approach, outsourcing only certain pieces of their security needs.

Cyber-security for Operational Technology (OT)

Operational technology (OT), which automates, controls, processes and monitors a network and includes hardware such as programmable logic controllers, process information systems and supervisory control and data acquisition (SCADA) systems, is gaining in importance because safety instrumented systems are a current target. This trend is expected to accelerate in 2020 as more OT environments embrace digitization.

Although OT was behind the IT space regarding security standards, OT now has OT-focused security standards like ISA/IEC 62443 and the European Cyber Directive, as well as frameworks from the likes of NIST, NERC, SANS and the Center for Internet Security.

Secure by Design

According to the FTC, companies should build security directly into IoT devices before implementing the hardware into the system. This way, instead of building security around the device, the security is sound and can be tested ahead of time. This reduces the chance of possible misses in the firewall and security settings.

Secure by design is the approach where a product is designed from the foundation to be more secure. The shift to secure by design means device makers will begin prioritizing the creation of trusted connectable and manageable products.

This will include embedding life cycle management capabilities at the time of design, writing software with a focus on security and privacy principles, and providing accessible updates to those who deploy their devices.

Cloud Security

Cloud security remains a question mark going into the new decade. Many organizations already run most of their workloads in the cloud, but the level of understanding about security in the cloud remains low.

Blockchain

Blockchain has emerged as a viable solution for IoT security and has gained traction in security discussions.
Blockchain offers new optimism for IoT security because it is public: everyone participating in the network can view and approve the transactions. It is also decentralized, which eliminates a single point of failure, and it is secure in that previous records cannot be altered and information can only be added to the database.

In coming years, businesses and manufacturers will likely identify with having blockchain technology embedded in all devices. It is entirely possible that companies will soon make use of labels such as “Blockchain Certified”. Professionals called “Certified Blockchain Experts” already exist.

Cyber Insurance

Cyber insurance policies provide coverage against losses such as data destruction, denial of service attacks, theft and hacking, as well as liability coverage guaranteeing compensation for damages from errors such as the failure to safeguard data.

The industry, however, is new, and problems exist, including a lack of standard policies. There is difficulty interpreting what protections a policy can offer. Additionally, it is a challenge to quantify and understand premiums.