Future-proofing IoT manufacturing through security-by-design
The Internet of Things (IoT) is now part of our daily lives, and smart devices are littered throughout most homes and businesses. In the space of a few years, the presence of a smart hub has gone from being a rarity to a necessity. In 2018, found that 23% of Britain's 66.44 million people had a smart item, whilst a found that 47% of US-based Millennials have at least one smart home product within their homes. Behind closed doors, the IoT has really taken off. Take the retail industry, where by 2025, the connected ecosystem will be worth over. The manufacturing industry will see even greater disruption, and is projected to grow exponentially, experiencing what’s known as Industry 4.0.
As Industrial IoT (IIoT) uptake continues to surge, however, businesses are struggling to fight against rising cybersecurity threats. The revealed that from 2019-2020, the number of threats capable of causing major disruption to operational technology systems more than doubled, from 26% to 59%. The pandemic has led to an increase in attacks, with bad actors looking to take advantage of vulnerabilities and businesses left unable to keep up with existing infrastructure issues. Research from , in collaboration with the Ponemon Institute, found that nearly three in five (57%) of UK manufacturers faced a cyber attack in 2020. The industry cannot continue on this trajectory, with security being treated as nothing more than an afterthought. IoT deployments too often act as just one part of a wider cost-saving or productivity-enhancing exercise. Combine this with a lack of systems management or awareness of individual devices, and you quickly have a situation where safety and security are no longer a central consideration.
Moving forward, the industry needs to be more holistic when it comes to integrating smarter systems. After all, smarter does not mean more secure. Individual devices cannot be deployed and then forgotten about, as every single device represents an entry point for cyber villains to attack. Designing security from the start will allow organisations to distribute important security updates automatically, remotely and from a position of governance and control.
Building with a security-by-design mindset starts with choosing a robust operating system (OS). Open source remains the OS of choice, with Linux renowned for its stability and security, while offering freedom to developers and software engineers to manage it and prepare for future market demands. It can also allow engineers to stay flexible and to keep on top of the evolving risk. Software maintenance is key, not just to avoid missing out on market opportunities related to devices, but to extend the lifetimes of hardware on the factory floor.
Shedding the traditional hardware-centric mindset, manufacturers must look to protect and future-proof individual deployments, seeking out mechanisms that can address updates and prepare for vulnerabilities. In the past, once a device was deployed into the field - for example, to help monitor performance and boost efficiency on a factory floor - there were minimal mechanisms to quickly deploy any new feature updates or address any newly discovered weaknesses.
In the event of an attack, the response should not create downtime for production lines. Instead, manufacturers should aim to maintain the factory floor in an operational state as they deploy a stream of software updates. When preparing for software failure, it is no longer realistic to develop software once and expect it to be secure and bug-free forever. Software will fail, so it’s about safeguarding for when it does, to avoid substantial costs.
Guarding against software failure
Rollback features can help guard against software failure by giving hardware components, such as security cameras and other connected machinery on the factory floor, an added layer of reliability. Manufacturers can look to leverage the power of containerised software, like snaps, that enables developers to easily push software updates automatically and roll back in the event of failure. Snaps effectively support both the OS and associated IoT software applications in a secure and modular packaging format. If a security vulnerability is discovered in the code used by an application, the application publisher is notified so the snap can be rebuilt quickly with the supplied fix and pushed out in a controlled and managed fashion. This greatly reduces the likelihood of an improper update breaking a device or degrading the user experience. Looking at smart manufacturing, rolling out a security patch seamlessly without disrupting the production line can lead to significant benefits like efficiency and reduced downtime.
Putting trust back in technology
On many factory floors, the onus is still on the end user to protect individual IoT devices. This is not sustainable, nor remotely efficient. Businesses need to take a long, hard look at where the burden of security lies, and seriously consider putting trust in IoT applications to support and manage networks. That way, managers can be confident that they’re future-proofing through technology, which can automatically remediate any security issues, absolving customers of responsibility.
It’s no longer a case of one size fits all in the smart era of Industry 4.0. Device hardware is not static and manufacturers must recognise that the future does not lie in this form of vulnerable hardware, but instead in software-defined capabilities. As attacks continue to accelerate, more action is needed in order to protect and future-proof the manufacturing industry. It will take investment and a real commitment to change how the industry thinks about security related to smart infrastructure. The billions of existing IoT devices were not deployed overnight, and the security problems they inherit will not be fixed overnight either.
By Tom Canning, Vice President of Global Sales IoT and Devices, Canonical
Report: Financial institutions face cloud-based threats
Over one year into the pandemic, financial institutions report costly consequences of falling short in protecting their data storage from cloud-based attacks and network disruptions. The report is based on more than 800 responses from IT professionals working in the financial services industry in North America, Latin America, Europe, and the Asia-Pacific region.
- Data breaches are an increasingly significant cost burden for the industry: Worldwide, financial firms that experienced a data breach reported estimated average losses of roughly $4.2 million per attack, with U.S. organisations hit hardest at $4.7 million in estimated losses.
- Network outages also result in costly burdens: Institutions lose an estimated $3.2 million on average, with Asia-Pacific institutions, followed by European institutions, carrying the heaviest losses at $4.3 million and $3.1 million respectively.
- The industry remains a popular target for cloud-based attacks: Over half of all organisations surveyed (54%) suffered a data breach in the last 12 months, with 49% plagued by a cloud malware attack as well.
- Cloud and network-based attacks will continue to be a major threat vector: More than 50% of respondents expect to face a combination of IoT attacks, cloud vulnerabilities including misconfigurations, and data manipulation attempts over the next 12 months.
- Threat resolution teams are embracing network visibility for security hygiene: Globally, network monitoring (76%), threat intelligence (64%), and threat hunting (57%) are considered the most effective mitigation tactics against these threats.
Even before the pandemic, tech companies were increasingly seeking moves to the cloud. The COVID-19 crisis has accelerated the adoption of cloud computing by the financial sector as part of its process of digitalisation. As companies transition and move data, there can be a lack of protection due to a number of factors such as undertrained staff and insufficient firewalls.
“The financial services sector has long been a target for bad actors who are following the cyber money trail into the cloud,” said Anthony James, VP of Product Marketing at Infoblox. “As the pandemic pushed IT infrastructures to rely on remote work, cloud-based technologies that enabled digital transformation also created soft spots for cyber criminals to exploit.”
“This report shows us that cloud compromise has become the biggest cybersecurity issue for financial institutions and the investments they are making to protect themselves,” James continued.