By Neil Templeton, SVP, Console Connect
IoT deployments continue to expand globally, revolutionizing the way businesses operate by boosting efficiency and enhancing experiences for customers and employees.
But as is the case with many innovations, growth has outpaced security considerations, resulting in unforeseen problems emerging as bad actors seek to exploit new vulnerabilities.
The New Security Risks Presented by IoT Growth
In a paper published by the UK’s National Cyber Security Centre, the organization warned: “It is highly likely that the growing number of Enterprise Connected Devices (ECDs) being adopted by enterprises presents an expanding attack surface, with many of these devices being accessible over the public internet, and with cyber security often being an afterthought.”
This is further supported by recommendations in ETSI EN 303 645, which is the European standard for cybersecurity requirements in IoT devices. One of the key recommendations is to minimize the attack exposure surface, meaning, amongst other things, avoiding exposing IoT devices to the internet whenever possible.
In the past few years, there have been more examples of hackers using the public internet to access IoT devices. For example, in 2022, hackers were able to hack into connected medical devices, namely insulin pumps, and change the settings, which could have resulted in serious harm to patients.
There have also been incidents where hackers were able to access a popular baby monitor brand and watch babies in their cribs, or hack into smart speakers and issue commands to turn on lights or lock doors.
This suggests that security considerations are not keeping up with use cases, as IoT systems begin to have a direct impact on people’s experiences in the real world, including the food we eat, the elevators we ride, the traffic we move through, and the medical care we receive.
Part of the challenge is in the applications themselves. IoT devices are also often severely constrained in terms of footprint and available compute and processing capabilities. The result is that they often can’t support security clients on-device.
The other thing to consider is that in order to facilitate this ease-of-use and grow adoption, many of these devices connect to the public internet directly with a public IP address, leaving businesses vulnerable to service disruption and their sensitive data compromised.
How to Better Protect IoT Data
There are a couple of ways to avoid exposing IoT devices to the internet, which in turn helps to protect them from cyberattacks:
- One way is to use a local area network (LAN) to connect the devices to each other and to a controller. This way, the devices are not directly connected to the internet and can only be accessed by authorised users.
- If the controller needs to be connected to other cloud-based instances, that connection needs to remain on a private network as well.
- Another way to avoid internet exposure of the device is by connecting them directly to the cloud-based instances via fully private networks. Additionally, it is important to keep IoT devices up to date with the latest security patches. This will help to protect the devices from known vulnerabilities.
In addition to avoiding internet exposure, the ETSI 403 645 standard also recommends a number of other security measures for IoT devices, such as:
- Using strong passwords and authentication methods
- Encrypting data in transit and at rest
- Regularly scanning for vulnerabilities
- Implementing security incident response procedures
By following these recommendations, organizations can help secure their IoT devices and protect their data from unauthorized access.
IoT Applications that Should Avoid the Public Internet
A growing number of IoT applications carry sensitive data that businesses cannot afford to be exposed to the threats of the public internet.
For example, payment networks are a vital function of the banking system, enabling frequent touchpoints with customers.
Today point of Sale (PoS) devices take many different shapes and forms— from vending machines to coffee machines and ticket machines— all of which need to be connected directly to the cloud or data centre (or to a local hub) to relay sales and inventory information.
When it comes to payment networks, security is paramount. These networks handle sensitive customer data and transaction information and require a secure path from PoS devices to the cloud. There are also data sovereignty and regulatory frameworks to consider.
Meanwhile, IoT applications in logistics can help businesses understand the behaviour of assets better. When used in combination with asset intelligence systems, they can help make better decisions and gain real-time operational insights and delivery predictions, opening up new revenue streams.
IoT can not only enrich the location and status of a shipping container, but also the cargo inside. IoT connectivity can relay the status of containers with chilled or frozen functionality. In cases where shipments of cargo are time-sensitive (such as medicine or food), IoT can determine how long the container has been in its current location and if it is expected to reach its destination on time.
For both asset management and logistics, IoT connectivity can help beat inefficiencies in container utilization, fleet management and inventory management.
Introducing the Edge SIM
Console Connect is set to redefine the landscape of secure IoT and cloud connectivity at the 2024 Mobile World Congress (MWC) in Barcelona with the Edge SIM.
By leveraging advancements in Software-Defined Networking (SDN), the Edge SIM provides the world's first mobile connectivity solution that bypasses the public internet, and instead routes traffic via an automated, secure, private network.
As IoT devices and networks handle more sensitive and mission-critical data, the Edge SIM addresses the need for more secure access to the cloud, combining the flexibility and ubiquitous coverage of mobile networks with the enhanced security and performance of private networks.
The solution is a strong fit for critical IoT applications such as asset management, logistics, connected cars, payment networks and POS devices, live broadcasting, healthcare solutions and security systems.
Meet the Console Connect team at Stand 2E21 throughout MWC 2024, or visit www.consoleconnect.com for more.