Too many IoTs?

James Bristow at Cradlepoint argues that industry 4.0 is creating a security challenge like no other

 

In the era of Industry 4.0, the promise of interconnectedness and efficiency comes with an important consideration: security. While Industry 4.0 is transforming manufacturing and industrial practices through advanced digital technologies, we now find ourselves surrounded by devices that are constantly speaking to each other, creating an interconnected web.

 

Adopting IoT and other technologies to pursue more efficient and sustainable business practices can be a double-edged sword. Each new connection creates an expansion of the attack surface and increases security vulnerabilities. For example, each new IoT device can potentially provide a gateway for unauthorised network access.

 

According to our research, 45% of firms reported being subject to a network security attack over the past year, with 26% of those coming from compromised IoT devices! These stats highlight the need for organisations to seek secure and scalable connectivity solutions.

 

The promise and perils of Industry 4.0

Industry 4.0 represents a significant shift in manufacturing and industrial practices, characterised by integrating digital technologies to enhance automation, connectivity, and data-driven decision-making. Using advancements in IoT, artificial intelligence (AI), robotics, and big data analytics, this transformation creates smart, interconnected webs where machines, systems, and processes communicate and collaborate seamlessly.

 

IoT devices are proving to be a significant challenge. Ranging from sensors in manufacturing plants to smart healthcare equipment, they are becoming more widespread across various sectors, offering convenience and innovation.

 

However, as factories become more digitised and reliant on devices such as IoT, the attack surface expands, providing more opportunities to exploit cyber threats that can disrupt operations, compromise data, and even endanger human safety.

 

The reality of unmanaged IoT devices

This rapid growth of IoT devices and the increase in the attack surface make them prime targets for malicious actors. Ericsson predicts a staggering 34.7 billion IoT-connected devices by 2028, emphasising just how widespread these devices are now in our world and the urgency for robust security measures.

 

Understanding the complexity of these connections is crucial as they transmit vast amounts of sensitive data, driving real-time decision-making across industries.

 

Despite their widespread use, IoT devices have several inherent weaknesses. These vulnerabilities span from weak authentication mechanisms and outdated firmware to limited computational resources, rendering IoT ecosystems susceptible to malicious exploitation.

 

Despite these risks, many firms have not fully addressed the issue. Alarmingly, 77% of organisations across Europe are unsure how many devices they have connected to their network, and an equal percentage don’t know how many more might be added in the next 12 months. 

 

Even more concerning, 27% of firms rely solely on security awareness training to secure their networks. Less than half (46%) include their head of IT in decisions on investing in new security technology, while 28% leave this critical responsibility to end users.

 

This approach can be problematic, as IT teams and CISOs often fall responsible in the event of a data breach yet may lack a clear understanding of the software protecting their networks. It also implies that those whose jobs are probably more at risk in the event of a successful breach are ill-informed about the technologies being utilised to safeguard their own network. 

 

Adopting advanced security solutions

To mitigate these risks, organisations must adopt a proactive approach to security that aligns with the principles of Industry 4.0 and the evolving IoT security landscape. Conventional network security solutions, often designed for devices like laptops and phones, are inadequate for IoT devices as they lack the computational resources to accommodate such factors.

 

Additionally, many IoT devices come with default factory-set passwords that are rarely updated, creating a significant challenge that lies in already stretched IT teams needing to carry out updates on numerous IoT devices, adding to a substantial workload.  

 

Many IoT devices currently rely on Wi-Fi, which may not offer the optimal security for modern IoT environments. To leverage the advanced security features of 5G, organisations should consider two key strategies: moving existing IoT devices to a dedicated 5G network or deploying new IoT devices with built-in 5G connectivity.

 

Migrating IoT devices to a separate 5G network allows for the implementation of 5G-optimised security solutions, providing enhanced protection and simplifying management through cloud-based platforms. This transition streamlines network configuration, resource identification, and access policy enforcement, reducing the burden on IT teams.

 

Alternatively, deploying new IoT devices with inherent 5G connectivity ensures robust security from the outset, especially beneficial for devices in remote or hard-to-reach locations where Wi-Fi may be unreliable.

 

In addition, IT teams need to adopt 5G-optimised security solutions tailored to the unique demands of IoT. For example, Zero Trust Network Access (ZTNA) principles, a crucial component of the Secure Access Service Edge (SASE) framework, offer a comprehensive approach to safeguarding IoT devices by constantly evaluating security posture to mitigate risks. ZTNA assumes that any network user may pose a security threat and continuously evaluates security posture. ZTNA policies can be tailored to each device, establishing security measures before connectivity and concealing public IPs and IoT resources from discovery, enhancing overall IoT security. 

 

The future of IoT security

As firms continue to digitise and utilise cloud services, they must look for solutions that enhance security rather than increase risks. The integration of IoT and 5G requires a unified approach to security. Embracing technologies like SD-WAN and following Secure Access Service Edge (SASE) principles will be crucial in protecting this interconnected ecosystem. 

 

Securing Industry 4.0 requires proactive measures, innovative solutions, and a comprehensive strategy that addresses the unique challenges IoT devices pose. By prioritising security from the outset and being aware of technologies that securely complement each other, organisations can harness their full potential while effectively managing risks.

 

The era of Industry 4.0 is vital and holds immense promise, but robust security measures must be a key pillar to realising its benefits securely.

 

---

 

James Bristow is SVP EMEA at Cradlepoint

 

Main image courtesy of iStockPhoto.com and Hispanolistic