The growth of IoT has led to the deployment of billions of devices worldwide. Companies from major industries have amassed vast fleets of connected devices, leaving gaps in security. Today, IoT security is largely ignored in many areas. For example, a large percentage of devices share the “admin / admin” user ID and password because their default settings are never changed.
Security has become an afterthought because most devices are invisible to the organizations that run them. Hospitals, casinos, airports, cities and others have no way to see every device on their networks. As a result, security risks are increasing. The first six months of 2021 saw more than 1.5 billion attacks on IoT devices, almost double the previous year.
The cost of breaches for highly regulated industries such as healthcare, utilities and logistics can be devastating. That’s why organizations operating in these areas need strong device management and security controls to keep from being breached. Failure to do so could result in compliance problems and millions of dollars in fines.
Fact: You can’t protect what you can’t see. Here are five complex industries that suffer from blind spots in security.
Healthcare
Arguably the most important industry relying on IoT devices is healthcare. Hospitals, clinics and vaccine distribution organizations are frequently targeted, and the motive is not always financial. In some cases, it appears to be sabotage. A recent study by the Ponemon Institute noted that nearly a quarter of hospital data breaches originate from a medical or IoT device. Ransomware attacks on hospitals doubled in 2021, threatening hospital revenue and their ability to care for patients.
CISA, the Cybersecurity and Infrastructure Security Agency, formed a COVID Task Force in 2020 to assess risks to patient care and the functioning of healthcare and vaccination organizations. The task force identified a variety of risks to patient care and survival arising from attacks that exploit insecure IoT attack surfaces in hospitals. These include the access controls that physically secure medical devices, as well as security cameras and healthcare facilities.
“The Internet of Things is more brittle than we expected,” said Josh Corman, chief strategist at the CISA Task Force. “Before the epidemic, in particular, 85% of hospitals in the US lacked a single security guard on staff.”
Energy and utilities
Utilities are a favorite target of nation-state-sponsored attackers. Globally, utilities reported the deployment of 1.37 billion IoT devices by the end of 2020. The entire energy industry, including complex infrastructure such as smart meters, security cameras and temperature / fire / chemical leak controls, is frequently targeted by bad actors.
There have been numerous cases of operational technology being hijacked by attackers to vandalize utilities or hold them for ransom. Worldwide, energy and utility companies have taken steps to protect water supplies, power grids, refineries and pipelines. But more can be done.
Manufacturing
Attacks on manufacturers range from mischief and disruption to terrorism. Targets include industrial control systems (ICS) such as Distributed Control Systems (DCS), Programmable Logic Controllers (PLC), Supervisory Control and Data Acquisition (SCADA) systems and Human Machine Interfaces (HMI).
Attackers sometimes try to gain direct control over the PLCs that operate factory equipment rather than going after accounting or customer records. Attackers have gained control of a PLC using hardcoded passwords, and then successfully destroyed the expensive machinery it controlled.
Cities
Cities rely on 1.1 billion IoT devices for physical security and for operating complex infrastructure, from traffic control systems, street lights and subways to emergency response systems and more. Any breach or failure in these devices can be a threat to civilians. You see it in the movies: brilliant hackers control the traffic lights throughout the city, timed perfectly to trap an armored vehicle. Then there is real life: for example, a hacker in Romania took control of a video camera outside Washington DC just days before Trump’s inauguration.
Cities are also being hit by ransomware; New Orleans and Knoxville, TN are cases in point. To prevent this type of security risk, IoT-dependent cities need 24/7 device operation and security to protect public services and assets.
Supply chain and logistics
Despite the high stakes in freight, rail and maritime shipping, where fleet, ship and traffic management systems are crucial, transportation system OT security lags behind other industries. Shipping firm Maersk suffered unexpected collateral damage in the 2017 NotPetya attack on the Ukrainian government. Maersk was paralyzed worldwide and was barely able to move containers and ships for two weeks.
On roadways, traffic signaling systems with road sensors and LIDARs are IoT-linked, as are self-driving vehicles. Railways rely on IoT for traffic planning, power supply, maintenance and station control systems. If IoT security starts with the visibility of the device, there is work to be done. Large and medium-sized organizations lack full device visibility.
Time to grasp IoT security
The fast-growing attack surface of the IoT device fleet in critical industries is a magnet for attackers. The more intelligent and ubiquitous connected devices become, the greater the potential damage. Successful attacks cost a lot, and getting IoT devices back online, making sure they are no longer compromised, and staying compliant is crucial to the survival of the business.
A major wave of device retrofits or replacements for security purposes seems inevitable. Device management at scale is now ready and can automate security measures such as password rotation. We rely on the use of automation to advance our critical industries and our security, gain full visibility of our IoT devices, and manage devices tightly at fleet scale.
Roy Dugan is the CEO of Securitings.