IoT Security Starts with Education

IoT security.  For this column I really want to talk about how IoT security impacts the manufacturing industry since that is what the main feature here really addresses as well. And as you will see our Website is focusing more on taking a closer look at the content in a particular area and drilling down even deeper to help you understand how it will impact your bottomline in the year ahead when looking at bigger solutions such as artificial intelligence, augmented reality, big data, data intelligence, Industry 4.0, machine learning, virtual reality, sensors, and cybersecurity.

Back in November 2017, you may remember I explored how manufacturing and, specifically, how remote-monitoring technologies are making a difference in this space. For those of you that might have missed that column, let me quickly highlight some of the latest stats.

First, connected factories will likely double in the next five years. This is according to the 2017 Manufacturing Vision Study from Zebra Technologies. It says 88% of those surveyed see growth on the horizon, expecting to experience increased revenue in the next five years. That means manufacturers are adopting the IoT for a variety of reasons, including the desire to increase flexibility, visibility, and product quality.

Clearly, if the number of connected factories is expected to double by the early 2020s, there are some transformational shifts happening in this industry. But transformation isn’t going to just happen on its own. All of these predictions for IoT growth and adoption—however well founded they may be—rely on certain wrinkles ironing themselves out.

For instance, barriers to IoT adoption in the industrial arena include complexity of the technology, budget restraints, a lack of information technology resources, and security. If efforts aren’t made by the industry at large to remove some of these roadblocks for manufacturers looking to connect their factories, adoption just won’t hit the projected target.

Let’s look a little closer at the security. As I have already reported, 44% of manufacturers in the latest vision study cite security as a prohibiting factor in adopting IoT technologies. And that makes sense. Manufacturers’ data often includes designs, blueprints, or other information that, if stolen, could cripple a business by essentially handing its trade secrets to a competitor.

According to a Deloitte study that examined cyber risk in advanced manufacturing, 39% of manufacturers had experienced a breach in the 12 months leading up to the survey, and 38% had suffered financial losses as a result. When nearly four out of 10 manufacturers experience security incidents throughout the course of one year, you better believe these guys are a bit nervous.

Almost half (48%) say they lack the funding to pursue adequate security, and a whopping 75% of manufacturers say they lack skilled cybersecurity resources. To me, this indicates a shift needs to happen in the manufacturing c-suite.

Security needs to be a top priority, and according to the research, too many manufacturers are not prioritizing it. That can only lead to nothing but trouble, if not financial loss for many manufacturers—both large and small.

The money has to be found somewhere to put safeguards in place that protect sensitive data and to hire skilled workers who can help monitor and secure devices, systems, and data. And, really, manufacturers just need to do their due diligence.

While nearly half of manufacturing executives lack the confidence that they are protected, they don’t seem to be taking the kinds of common-sense steps it takes to be secure. Some 35-45% of manufacturers leverage connected devices, but only half (55%) of those encrypt their data, according to Deloitte. And 50% perform ICS (incident command system) vulnerability testing less than once a month.

What’s more, 37% don’t even include IoT connected devices in their incident response plans, which if you think about it is a critical oversight.


Education may need to play a role here. It’s possible that a good chunk of this industry is not aware of the evolving threats they face when they go up against cybercriminals. Or I have written about more than a dozen of time, the world is full of bad actors. And we need to face it, we are running into more and more cybercriminals that are holding our information hostage. It’s even possible that some more guidance is necessary in the form of legislation.

While I am optimistic about the IoT Cybersecurity Improvement Act of 2017, which is a bipartisan legislation meant to help improve the cybersecurity of Internet-connected devices, we still have a long way to go. While there is some direction here for minimum security requirements such as relying on standard protocols, and devices can’t contain hard-coded passwords; there is more that needs to be done.

The good news, if this passed, it would help create some industry best practices that would benefit the whole industry. If passed, the bill would also promote cybersecurity research, which would be great for all. But we still need to continue to push to educate people who are leveraging (or who want to leverage) the IoT about security and what they can be doing to prevent data breaches.

Still, one of the biggest cybersecurity threats facing companies are their own employees. Deloitte’s survey suggests four of the top 10 cybersecurity threats facing manufacturers today are directly attributable to employees, including phishing and pharming, direct abuse of it systems, errors and omissions, and the use of mobile devices.

It seems like we have been saying the same thing for years, but the fact still remains the problems are not resonating with employees or management to act accordingly.

Educating the higher-ups about the need for investment in security and educating employees about the ways they can prevent cybersecurity incidents could go a long way in helping manufacturers to keep their data secure.

It’s worth the hassle … because the alternate is far more devastating for sure. We need to care about what happens to our manufacturing industry. We all need to do whatever we can to help limit the manufacturing industry’s exposure to undue risk. The IoT can revolutionize how we manufacture things—it already has, but there is more to come. And yet, the threats are real when it comes to cybersecurity. The key is to acknowledge the risk and be prepared. Are you?

Want to tweet about this article? Use hashtags #M2M #IoT #security #cybersecurity #cyberattacks #blockchain #Industry4.0 #bigdata

By |2018-01-03T21:57:10+00:001/10/2018|

Leave A Comment