Rutronik News

IoT – Ignorance (with)out Taboos

created by Bernd Hantsche |   Knowledge

The IBM Institute for Business Value recently released its benchmark “Internet of Threats” study. The conclusion is alarming, comments Bernd Hantsche, marketing director of Embedded & Wireless and head of the team of GDPR experts.

The study shows that securing IoT devices is characterized by ignorance of the criminal dangers and a lack of taboos when it comes to protecting one's business from a commercial instead of technical perspective. In short, many companies would rather invest in insurance than in engineers with security expertise, higher-quality electronic components, and a secure infrastructure.

This is demonstrated by figures from the study by the IBM Institute for Business Value. A sample:

  • Only 21 percent of companies utilize encryption for the data transmitted by their IoT devices.
  • At only 15 percent, even fewer companies use centralized patch management - although we know with certainty that attacks and the discovery of security holes will only continue to increase in the future.
  • The same percentage of companies, namely only 15 percent, implement authentication for their IoT devices
  • Even fewer companies, only 14 percent, simulate cyberattacks to test their products prior to their release.
  • Actual attacks usually go undiscovered, since only 10 percent of companies monitor their IoT network traffic to detect anomalies.
  • But in contrast, 45 percent of companies have purchased insurance covering the damage caused by such attacks.

Building the Plane while Flying It
The IBM Institute for Business Value compares the development of IoT technology to building a plane while flying it. In my opinion, the plane - i.e. IoT - will never be finished, which makes focusing more heavily on safe flight operations all the more important! Because in the event of a crash, an insurance policy can only go so far. It might be able to cover the financial losses - but not the damage to a company's image. And that alone has dealt a mortal blow to plenty of companies.

Security First
A widely pursued strategy is to begin IoT business development by adding flexible connectivity to products - like the integration of a wireless interface for OTA (over-the-air) functionality.

The second step is then usually a cloud-based infrastructure, which means data from devices is collected from the field and centralized. By using artificial intelligence, machine learning algorithms, or data from other databases, this can allow companies to obtain valuable information which can act as the basis for added-value services or further sources of income.

Implementing a wireless interface today is child's play. But any company that doesn't consider security from the very beginning will pay the price later on.

This is because various protocols and profiles through the MAC and PHY communication layers offer a wide range of gateways for hackers and cybercriminals. And even within the application itself, companies often do not give security sufficient consideration. This means that the later infrastructure can be at risk via the company's own in-house IoT devices.

In other words, companies not only need to implement state-of-the-art security measures as a result of the GDPR. They are equally important for protecting their customers and their own image! In this context, our team of GDPR experts offers our customers comprehensive, cross-product assistance in implementing such measures.

In addition, the team put together a book that covers all of the key aspects related to implementing the GDPR and security concepts. It can be downloaded for free and without needing to register at www.rutronik.com/security-aspects or ordered in paper form.

Furthermore, we also offer our customers free consultations, including with regard to security aspects. When it comes to implementing security concepts, we offer the latest high-tech solutions for the encryption, identification, analysis, and redundancy of data-processing components.