IoT security risks in industry

The deployment of millions of IoT devices across key industries such as Financial Services, Government, Healthcare, Manufacturing, and Retail has provided a snapshot of the current state of enterprise IoT cybersecurity. This large-scale adoption has highlighted both the benefits of IoT technology and the potential threats that must be addressed to enable secure and resilient operations. Firms such as Forescout have conducted detailed analyses of these deployments and issued reports to highlight major cybersecurity concerns.

One finding is that certain categories of IoT devices pose the greatest risk because they are highly susceptible to cyberattacks. Smart building systems, medical devices, networking devices, and VoIP phones are identified as the riskiest categories. This is because these devices have limited security controls, are part of a larger network, and at times have vulnerabilities that are difficult to repair or secure effectively. In smart buildings, HVAC systems, security cameras, and access control systems are some of the potential channels through which attackers can gain unauthorized access to critical infrastructure. Medical devices directly threaten the safety of patients if compromised, because they normally regulate life-sustaining systems or track major health indicators.

Six of the top ten most dangerous IoT device categories fall under medical devices and networking gear. This indicates the need for better security measures within these categories. In healthcare, devices such as infusion pumps, patient monitoring devices, and imaging devices are typically networked to enable real-time data sharing and improve patient care. However, with their connectivity comes the threat of cyberattacks that could disrupt healthcare services or steal sensitive patient data. Networking equipment like routers, switches, and firewalls forms the backbone of enterprise networks, and vulnerabilities in these devices have a snowball effect, allowing attackers to access and manipulate entire sections of the network.

A second significant finding indicates that Windows desktops pose a huge security threat to organizations, particularly in industries like manufacturing and healthcare. Astonishingly, over 30% of managed devices within the manufacturing sector and over 35% within healthcare are operating on unsupported versions of Windows. These older platforms no longer receive security updates and patches, which makes them highly vulnerable to exploitation by cybercriminals. These workstations are therefore a preferred target for attackers.

In manufacturing, a compromised workstation can shut down production lines, causing costly downtime and significant revenue loss. In healthcare, the situation is more dire: compromised workstations can be used to gain access to and compromise electronic health records, modify or disable medical equipment, or even take critical services offline, putting patient care and safety at risk.

This issue extends beyond the healthcare industry, with other industrial sectors facing the same problem. In January 2024, for instance, ransomware group Cactus struck the multinational energy management company Schneider Electric and allegedly stole a whopping 1.5 terabytes of data. It was their third ransomware assault on the company within 18 months, highlighting the ongoing and intensifying nature of the threat.

These incidents underscore the need for organizations to update and lock down their workstations, since the cost of not doing so can be economically devastating as well as dangerous to human health. Proactive measures such as regular updates, comprehensive patch management, and robust network defenses are necessary to minimize the risks of unsupported operating systems.

Finally, the analysis revealed that commonly accessed network services such as Telnet are ubiquitous across the five industry verticals polled. Telnet is an older network protocol that transmits data in plaintext and is therefore inherently insecure and open to interception and unauthorized access. Despite the availability of more secure alternatives like SSH, organizations continue to employ Telnet due to legacy or operational constraints. The presence of such insecure protocols in different sectors indicates that organizations must employ more secure communication methods and implement network segmentation to limit the impact of potential breaches.
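
As an added illustration of the Telnet and segmentation point (not code from the report or from DIGEST), the following Python audit reads flow records, lists hosts that accept Telnet, and separates clients in the same segment from clients that cross a segment boundary. The segment names, address ranges, and flow lines are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Hypothetical segment plan (assumption, not taken from the article).
SEGMENTS = {
    "ot-plant": ipaddress.ip_network("10.10.0.0/16"),
    "clinical": ipaddress.ip_network("10.20.0.0/16"),
    "corp-it": ipaddress.ip_network("10.30.0.0/16"),
}
# Constructed flow records, one per line: "src dst proto dst_port".
SAMPLE_FLOWS = """\
10.30.4.17 10.10.1.5 tcp 23
10.10.2.9 10.10.1.5 tcp 23
10.30.4.17 10.20.8.40 tcp 22
203.0.113.50 10.20.8.41 tcp 23
10.20.3.3 10.20.8.41 tcp 443
10.10.2.9 10.10.1.5 udp 23
"""
TELNET_PORT = 23  # default port only; Telnet moved to another port is not seen

def segment_of(addr):
    """Name of the segment containing addr, or 'external' if none matches."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def audit_telnet(flow_text):
    """Map each Telnet server to its segment and its local / cross-segment clients."""
    found = defaultdict(lambda: {"segment": None, "cross": set(), "local": set()})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        src, dst, proto, port = parts
        if proto != "tcp" or port != str(TELNET_PORT):
            continue
        entry = found[dst]
        entry["segment"] = segment_of(dst)
        bucket = "local" if segment_of(src) == entry["segment"] else "cross"
        entry[bucket].add(src)
    return {ip: {"segment": e["segment"], "cross": sorted(e["cross"]),
                 "local": sorted(e["local"])} for ip, e in found.items()}

def remediation_order(findings):
    """Servers reached over Telnet from other segments come first."""
    return sorted(findings, key=lambda ip: (-len(findings[ip]["cross"]), ip))

if __name__ == "__main__":
    report = audit_telnet(SAMPLE_FLOWS)
    for ip in remediation_order(report):
        print(ip, report[ip])
```

Hosts with cross-segment Telnet clients are the ones where a segmentation rule or a move to SSH reduces exposure the most.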

DIGEST addresses these cybersecurity concerns by promoting a secure approach for disseminating significant data to relevant stakeholders without requiring direct access to the industrial assets themselves. This approach helps minimize the need for VPN access from external sources, thereby reducing potential entry points for cyberattacks.

By limiting remote access pathways, DIGEST enhances overall network security and mitigates the risks associated with unauthorized access or exploitation of vulnerabilities. This proactive strategy ultimately contributes to higher safety levels by fostering a more controlled and secure flow of information between industrial environments and external stakeholders.