In our discussions with customers, partners and prospects about IoT Connectivity, IoT Security is a subject that is almost always raised.
In October we wrote this piece Securing Your IoT Networks - 1.5 billion breaches of IoT devices in H1 2021 whilst in this earlier blog The rollout of enterprise IoT networks - lots of optimism from analysts we explored how enterprises are increasing their investment in IoT projects.
To help share their knowledge, our IoT Security team put together a white paper Security for critical infrastructure - The role of IoT and Non-Public Networks.
This 12-page document sets out the security vulnerabilities of IoT ecosystems - and discusses how Telecom26 solves these significant IoT Security issues.
The rapid growth of IoT offers significant business opportunity, but if not secured appropriately, it can also represent a significant security threat and, ultimately, can be used to hijack the corporate intranet. The Telecom26 solution helps you to negate this threat and ensure that your corporate data is isolated from your IoT network to provide a comprehensive end-to-end IoT security solution.
IoT devices and sensors are inherently insecure – they are often remote and unmanned, and the outcome of an IoT attack (leading to loss of service) can have catastrophic consequences for both businesses and individuals alike.
IoT devices are often connected to the intranet, either directly or via the internet, but lack the processing power to apply even basic encryption and other security protection, they are often deployed in their millions, and some devices may even not be registered to, or known by, the IT department due to such large numbers and rapid proliferation.
There are also often vulnerabilities in terms of the broader security of new IoT infrastructure, resulting in gaps for protecting legacy systems that may connect to more open environments. In this scenario, a breach of an IoT device can result in unauthorised access to legacy systems.
It means that IoT could become the easiest, and preferred, target for malware and ransomware attacks, which can result in personal and corporate data vulnerabilities. The security of IoT devices is becoming one of the most pressing challenges for organisations and represents a serious vulnerability.
The IoT Security challenges: Some Statistics:
According to Kaspersky’s research: 872 million (58%) of IoT cyberattacks brokered access to IoT networks via the telnet protocol, a command line interface that enables remote communication with a device or server. And most attacks had the intent of cryptocurrency mining, distributed denial-of-service (DDoS) shutdowns or pilfering confidential data.
Meanwhile IT Governance, says that the number of Ransomware attacks reported in the second quarter of 2021 (to June 30) was 141. To put that in context, that’s nearly triple the number reported in the year-ago quarter (55 attacks), and a rise of 42% on the previous quarter (2Q21), during which 107 Ransomware attacks were recorded[1].
No sector is immune, with the Public Sector most affected in 2Q21 (accounting for 24% of all security incidents during that period), followed by Healthcare (23%), Education (13%), Technology (12%), Retail (12%), and Manufacturing (7%)… the list goes on.
The growing frequency and severity of Ransomware attacks means that it’s just a matter of time before any company or facility is targeted. And, these threats are now extending to the world of IoT. What does this mean for your business?
IoT Security - The Weaknesses In Your Systems
A report by French technology services company, Thales, lists the six most significant IoT Security challenges:
- Weak password protection
- Lack of regular patches and updates and weak update mechanism
- Insecure interfaces
- Insufficient data protection
- Poor IoT device management
- The IoT skills gap
However, one of the main vulnerabilities is, in fact, an old (but very valid) security issue – the relationship between the internet and the intranet. Modern web browsers provide poor protection against attacks originating from the internet, with hackers easily able to use a web browser as a proxy for the accessing the intranet, or internal network.
Importantly, by using a browser as a proxy, a hacker can not only bypass the perimeter firewall, but also any host-based firewall. Once breached, the perimeter firewall may log malicious code from an external site, but is useless against subsequent attacks on the internal network as these attacks will not go through the perimeter firewall.
Many organisations operating networks with thousands – and even tens of thousands – of IoT sensors or devices – may inadvertently be making it easy for hackers to use IoT sensors and devices to breach internal networks as they are often connected to the internet via the main domain, which then enables easy access to the intranet.
NB – If this is the case in your organisation, you need to read our white paper Security for critical infrastructure - The role of IoT and Non-Public Networks straightaway.
Our IoT Security experts also cover how organisations can proactively nullify the security threat that IoT ecosystems represent to your internal networks.
In a nutshell, cellular IoT offers better protection and fewer vulnerabilities as it’s possible to authenticate every device and user, while limiting (or managing) all access to any device or sensor.
The Telecom26 intra-network solution for IoT security
Our SIM-enabled security / device management can be applied to an estate of IoT sensors as easily it can to a mobile workforce and their connected devices and phones. For IoT ecosystems our unique SIM provide a dedicated, secure network for connected sensors and devices, while providing a semi-private network for communications (with fully enabled, secure private / public network roaming).
With hackers targeting the often weak security of IoT sensors and devices, it’s essential that all organisations ensure that their IoT networks are not only secure, but segregated from the corporate network, and are backed up by a trusted isolated network, should the need arise.
So if you’d like to find out how Telecom26 can help your organisation to embrace the benefits of IoT Networks, improve IoT connectivity and maximise IoT Security please contact us.
And, of course, we’ll be at the next global must-attend event of the year, Mobile World Congress in Barcelona 28 Feb - 3 March in Hall 7, Stand G10 if you’d like to meet up in-person to discuss your IoT Security and other connectivity needs, please contact us.