CB Insights predicts that digital twins will take off in 2022 as organizations seek to hedge against supply chain disruptions.
“Moving from the cloud to the factory floor, some manufacturers are turning to a micro-factory model, which leverages automation and robotics to create more flexible manufacturing frameworks that can be deployed in a fraction of the time and in large scale.”
IoT analysis predicts the Internet of Things (IoT) market will grow 18% to 14.4 billion active connections. It also posits that by 2025, as supply constraints ease and growth accelerates further, there will be approximately 27 billion connected IoT devices.
These billions of connections are a natural magnet that attracts cybercriminals looking for new targets and new opportunities.
According to CB Insights, this “deeper dive into virtual worlds paves the way for more cybercrime: Security solutions will become a top priority, especially as crypto hype and data privacy controversies continue.” to explode”.
IoT Vulnerability Awareness
Blackberry EVP and CTO, Chichir Singh says that the massive network of connected objects will require interoperability between systems. He posits that organizations need to educate employees that the IoT presents unprecedented security and privacy risks.
He believes employees in government organizations and businesses need to be aware that malicious actors can now access recordings from any device, anywhere, in real time, and warned that most worrying is the fact that manufacturers of IoT devices often omit rigorous testing. and fair support so they can get products to market faster.
“They also frequently drop software development and security updates as soon as products are released, leaving customers, both businesses and consumers, with an ever-increasing number of insecure devices in their environments,” continued Singh.
But as IoT proliferates in any enterprise, it’s on the production floors of industrial operations where Industrial IoT (I-Iot) is rapidly becoming an integral part of the operational technology (OT) landscape.” , said Raphael MomVice President of OT Security at Sygnia.
He posits that it is this I-IoT risk that is not well articulated, resulting in low awareness.
“These I-IoTs should be considered part of the OT environment, both to improve cybersecurity readiness and resilience, and organizational awareness.”
According Srinivas Kumar, vice president of IoT solutions at DigiCert, IoT vulnerabilities extend beyond published exposures and exploits. He noted that the “closed” and “siloed” nature of OT/IoT ecosystems provides limited visibility via on-device logs or control via third-party intervention.
“OT/IoT devices are micromanaged by the original equipment manufacturers (OEM) in production environments. This creates a blind spot for NOC/SOC monitoring and mitigation. Application security by design and a security profile for device field operations are essential to qualify and certify compliance of IoT devices and achieve cyber resilience in connected systems.
“A comprehensive approach to digital trust ensures that all access points and data are properly authenticated and encrypted, and that identity and access-based attacks benefit from an additional layer of protection that can be enforced and monitored across the organization,” Kumar said.
Recommendations for creating sustained awareness around IoT security
Maman from Sygnia recommends viewing IoT, especially I-IoT, as an integral part of the OT environment, and managing the associated risk landscape as part of the overall OT security framework.
“And include it in all your cyber awareness campaigns and training programs – again, as an integral part of your operational technology – and be sure to highlight the additional risk it introduces into your OT environment,” he continued.
Kumar adds that cybersecurity in heterogeneous, multi-vendor device ecosystems is a collaborative effort and requires OEMs, device operators, device owners, and regulators to define mandatory compliance standards and best practices for security. endpoint security on headless field devices.
“The paradigm shift in OT/IoT ecosystems is to strengthen the protection of devices throughout their active life which can span 10 to 30 years,” concluded Kumar of DigiCert.
BlackBerry’s Singh believes an effective way to raise awareness of IoT vulnerabilities is to educate employees on their responsibilities from day one. Adapting cybersecurity processes and policies as part of business onboarding is a good method to educate users.
“In addition to the regular and mandatory training programs that all employees must complete, conducting cybersecurity exercises such as crisis management tabletop exercises can increase awareness, preparedness and ultimately reduce the impacts critical events.”
“Finally, make sure IoT security training is targeted and easy to follow. Sharing irrelevant and confusing details about IoT vulnerability threats can be counterproductive. Communications should be kept simple, concise and easy to understand, as not all employees are IT experts,” Singh concluded.