Industrial IoT security solutions: How to protect your Enterprise from cyberattacks

The Internet of Things is regarded one of the main driving forces of the ongoing Digital Revolution, and for good reason.

There are plenty of ways that IoT can improve the lives of ordinary people, such as through lighting automation, smart home appliances, and improved security systems. At the industrial level, IoT can significantly improve company performance, reduce costs, and make the workplace safer. Therefore, Enterprise IoT solutions are applied across vastly different settings: from healthcare to mining. Consequently, as more companies deploy the IoT ecosystem in their Enterprises, more access points are created for hackers to expoit. According to IoT Analytics, the number of connected devices is expected to reach 27.1 billion by 2025.

Considering such a large number of devices, it may seem unlikely that your own system would be attacked by hackers. Cybercriminals, however, do not choose their prey randomly: they usually target the most insecure systems. As a result, if you don’t take effective actions to protect your network, connections, and devices, an attack is inevitable. The statistics don’t lie: a staggering 50% to 60% of organizations admitted that they’ve suffered from a cyber-attack in the last few years. Sounds like a lot, right? Most of these attacks also reportedly disrupted major business operations. One prime example is the terrible case of the Colonial Pipeline, which in 2021 became infamous around the world. For five days, all system pipelines were down because of that ransomware attack. 

In reality, attackers' motivations vary ⎯ from stealing a company’s money to discrediting the brand's image in the market. Some effects of cyberattacks include:

• data interception
  
• data theft
  
• system failure
  
• product degradation
  
• cargo loss/delays
  
• endangering workers
  

Many of these unpleasant consequences can lead to a halt in business operations, loss of revenue, blackmail, сorporate secrets disclosure, and so on. Sadly, 60% of all cyberattacks on small businesses cause the company to close down. While risks are present for any Enterprise, they are heightened for those with an extensive IoT ecosystem. 

The IoT Ecosystem is like its own complex community ⎯ Connecting equipment, sensors, networks, servers, and ultimately people ⎯ For the optimization of resources, manufacturing, and business processes. As a result, companies must take constant action to protect their "community" because attackers are highly-skilled at stalking and exploiting the weak members. From there, they gain access to the entire ecosystem. This problem is exacerbated by a complete lack of standard security approach for Enterprise IoT solutions, meaning that companies are often forced to cobble together a system of their own. The outcome is typically insecure, vulnerable, and underdeveloped. 

 Since IoT devices are always online, they are always visible to hackers. Among the most vulnerable parts of the IoT infrastructure are:

• supervisory control and data acquisition devices
  
• programmable logic controllers
  
• distributed control systems
  
• web and mobile interfaces that provide human-machine interaction

For attackers, these points represent the easiest path to  sensitive data. After all, the most common problem with these components is the risk of data leakage due to poor encryption and authentication. Another pain point has emerged recently with the general transition to remote work. Employees’ home devices are more vulnerable than the corporate equipment because of their inability to provide an appropriate level of security off-premises. At home, the risk of using an insecure network or a weak password to enter into the corporate system is significantly higher.

The vast majority of IoT security breaches involve malware, ransomware, social engineering, or gaining physical access to network-connected devices while on premises. Physical intervention is the most dangerous, and, oddly enough, the most frequent way of attack. In view of this, we see that it is necessary to protect the network, software, the cloud, and the devices themselves. 

In summary, there is, unfortunately, no standard approach to developing IoT security solutions. There is no magic pill to provide immunity to your IoT Ecosystem. First of all, you need to bear in mind that security is not additional, but a key factor of implementing IoT solutions in an Enterprise. The infrastructure of the ecosystem is complex enough in its own right. Devices, sensors, actuators and servers are connected to the same network and operate with a tremendous amount of data. It is the data that we need to protect in the first place: data about the company, employees, income, and so forth. For this reason, it requires better equipment and more thoughtful security policies.

Since the first step is uploading data to the IoT ecosystem,  it is essential to determine specific actions to take if a cyber attack does occur. Backup your data, for one. In case of a breach, you’ll have a much better chance of recovery. You don’t have to back up everything. Start by identifying the critical data needed to restore the entire IoT ecosystem after an attack. Then, establish a policy for how long to keep information from backups on file. Finally, make sure that data input and output are accurate and secure.

With so many devices, the connection with some of them could get lost. Surprisingly, many cyber attacks on an Enterprise come from an untracked internal device. The lack of visibility and permanent Internet connection makes it impossible to track the device's activity, communications, and updates. It is, therefore, crucial, to ensure that all devices in the IoT ecosystem are visible and you can control the data and incoming traffic. Especially if the ecosystem has recently grown, it may be worth doing a device inventory.

Although it may seem easy to manage a non-segmented network, it increases the chances of being compromised because it creates one large surface for attack.  As this network grows, it becomes increasingly difficult to secure each device. A network that isn't segmented allows attackers to access data from any device and move horizontally to launch a system-wide attack in search of sensitive and confidential data. By deciding to split the network into segments and microsegments, you can not only better control the traffic between certain zones to stop ransomware infections, but also increase the performance of the whole system. 

A good idea for a small business is to use a firewall to segment the network. This application allows you to weed out potentially dangerous content and connections by filtering Internet traffic. In this way, we can configure access to certain ports and with certain expected traffic. We then determine which port can be accessed from the headquarters, and provide access to the sensitive data only for particular devices. For mproving the security and the structure of the IoT ecosystem, this option turns out to be too complicated and costly. For these cases, we recommend implementing virtual segmentation using VLANs and ACLs. These solutions can effectively filter outbound and inbound network traffic, supporting a highly scalable and agile environment.

Even though the lack of data encryption is usually the cause of Man-in-The-Middle attacks, more than 90% of the data flowing through the IoT ecosystem were not encrypted in 2020. By tapping into such traffic, a hacker can penetrate into devices, as well as between a device and a large network, to steal or switch out the data flow. Obviously, all sensitive data transmitted over the IoT network or stored on its servers have to be encrypted. To complicate matters, data is often in motion, being transmitted from hub to gateway and from gateway to cloud, and beyond. Accordingly, the information should be encrypted both during transmission and at rest. 

Using the Public Key Infrastructures (PKI) with digital certificates is a suitable solution for this issue. PKI is able to encrypt huge amounts of data, which is convenient for IoT Enterprises. Leading manufacturers of IoT security solutions understand the importance of PKI and implement it in their products. Therefore, when implementing third-party IoT solutions for your Enterprise, pay attention to the PKI.

Not all IoT devices support updates. Meanwhile, system updates are the optimal protection against software vulnerabilities, which makes them protected from ransomware attacks. Sometimes it becomes problematic for IT personnel to monitor all the devices connected to the IoT ecosystem and keep track of updates for each of them.

Make sure that the IoT solution that you are going to implement will get regular updates and check them frequently. Also, you should pay special attention to the process of updating devices in the IoT ecosystem itself. The major step here is to encrypt the connection and protect update files. This is necessary so the attacker does not take advantage of the downtime that occurs during an update when the device sends its backup files to the cloud.

Consider which employees should be given access to which systems. For example, employees in junior positions should definitely not be given access into the central controller. Only people you trust such as the executive board should have access to confidential information. Require adequate security measures from every service provider in the IoT ecosystem, such as hosting providers, mail servers, monitoring tools, programming libraries, etc. Consider a strong authorization system within the IoT ecosystem, and clear the default settings. 

If employees still use passwords, we strongly recommend going passwordless, since about 80% of data breaches are due to poor password security. Use Passwordless Multi-Factor Authentication, which is an efficient, simple and secure protection against brute-force attacks, phishing, man-in-the-middle, and ransomware infections. Using tokens and biometrics leaves no chances for an attacker to steal credentials and get access to the system. 

Perhaps this paragraph should have been put first on our list, because human mistakes and negligence are one of the most common reasons for hacking. Before implementing the IoT ecosystem, explain to your team the features of Enteprise IoT solutions and its cybersecurity issues. Also, create a robust cybersecurity policy that will be successful within the company. 

The optimal way to maintain cybersecurity is to know as much as possible about the current state of the system. In fact, manufacturers of Enterprise IoT solutions test them before releasing them to the market. You can also check them by conducting a manufacturability test. This test will ensure that the application is operating as it should. 

The vulnerabilities can be effectively detected during the penetration testing. To perform this, you need to hire a group of white hat hackers who will try intentionally to hack into your system. This way of checking security is especially valuable for the cloud solution that provides non-stop connection to the Internet. Penetration testing here is the most reliable, albeit expensive, way to be sure of the security of the system. As an alternative, you can use automated testing, which can even be offered for free. You can take automated testing more often than penetration testing.