ABAX has already some years ago Security in the IoT environment discussed. Due to the rapid development around digitalization it is time for an update.
In the second part of our series we take an intensive look at the challenges around Iot Security.
You will find the first part of our series here.
What you should know about Internet of Things security
Networked devices can give businesses a real boost to innovation, but anything connected to the Internet can be vulnerable to cyber attacks. From corporate servers to cloud storage, cybercriminals can find a way to exploit information in many places in an IoT ecosystem. That doesn't mean you should replace your smartphone with pen and paper. It just means that you need to take IoT security measures seriously.
Especially in industries with systems that were previously separated from the "normal" IT landscape, i.e. classic OT (Operational Technology) environments, many new challenges around (cyber-) security arise. This is especially true for landscapes where the integration of protocols and devices that were not designed as part of a TCP/IP world (Transmission Control Protocol/Internet Protocol) is progressing. However, this changeover usually does not take place in one go, but mostly step-by-step, for example within the framework of normal life cycles or general modernisation measures. Nevertheless, these measures are usually not conceived on a company-wide basis, but rather project-related. This results in a mixed form, which is already tending towards digitalization, but has not yet completely arrived in the new Industry 4.0 world. And there are thus considerable IoT security risks.
Industry 4.0 still has to learn IT security
Security challenges around Industry 4.0 and IoT
Although the technologies are new for many areas, the challenges around security are not really new with increasingly networked systems. In this respect, this list is not a new invention, but it does help to simply remember some things:
Network segmentation
Any device that does not necessarily have to be accessible or visible in the network does not belong here. In addition, the principle applies that you can only secure what you see or at least know is connected to the network. With a well thought-out planning of your network based on a separation of segments you lay the foundation for a reasonable security strategy. By this simple measure you can dramatically reduce the attack surface (the number of devices). Put simply: sales staff should not be able to access production facilities.
Keep an eye on mobile devices
Ensure that mobile devices such as tablets are checked in and locked at the end of each working day. If devices are lost, data and information can be retrieved and compromised.
Manage your mobile devices
Use a secure access password or a biometric method so that no one can use a lost or stolen device. Use Mobile Device Management Systems (MDM), which allows you to restrict apps that run on the device, separate business and personal data, and delete business data if a device is stolen.
Implement automatic security updates
You need software on all devices to protect against viruses that allow hackers to access your system and data. Set up automatic updates to protect devices from cyber attack.
Use strong credentials
Many users use the same login and password for each device they use. While it is easier for people to remember, it is also easier for cyber criminals to hack them. Make sure that each login is unique to each employee and that strong passwords are required to log in. Always change the default password on new devices. Never use the same password again for all devices.
Deactivate unused functions
Check the available functions on your devices and turn off all functions that you are not using. This will significantly reduce the possibility of attack.
Use end-to-end encryption
Connected devices communicate with each other, transferring data from one point to another. This means you must encrypt data at every point. In other words, you need end-to-end encryption to protect information as it moves from point A to point B.
Choose an experienced cyber security provider
You want the Internet of Things to fuel your business and not interfere with it. Choose a reputable cyber security vendor to deploy proven, standardized, cross-system solutions.
And, most importantly...
The Internet of Things is not a fad. Innovative companies can better realize their potential with networked devices and new services, but they cannot ignore security concerns. As you build your IoT ecosystem, make sure your business, data and processes are protected and have a good cyber security plan
The advantages of IoT are undeniable. In the third part of our series, we focus specifically on Smart Manufacturing and the special position that OT has in security concepts.
You can download the first part of our series here read up.
ABAX is available to answer your questions about Industry 4.0, IoT and Safety for industry 4.0 of course would be very happy to help you.
