WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

{{ moduleLabel }}
{{ label }}

State-of-the Union – IoT (in)Security

WIBU-SYSTEMS AG
MarketingWIBU-SYSTEMS AG on April 26, 2023 at 1:56 PM

The World Economic Forum recently released a new report on the State of the Connected World 2023, a publication that tracks governance gaps related to the Internet of Things (IoT). More than 270 international experts were interviewed to gain an understanding of the current state of the IoT, particularly in light of the increase of damaging cyberattacks and data breaches. The report evaluated 6 areas of concern: ethics and integrity, cybersecurity, equal access, environmental sustainability, financial and operational feasibility, and interoperability and system architecture.

The report defines a governance gap as “the difference between the potential risks posed by a technology and society’s efforts to safeguard itself against these risks through laws, industry standards and self-governance approaches designed to achieve the greatest potential benefit of that technology for society as a whole.”

The report presents some interesting data, conclusions, and recommendations and deserves thorough reading. For the purpose of this post, I will focus on Wibu-Systems’ greatest area of concern – cybersecurity.

Cybersecurity

The report claimed that the proliferation of connected devices has made organizations, governments, and end users increasing susceptible to cyberthreats, evidenced by the recorded 1.5 billion IoT-target attacks globally and a 15% increase in data breaches in the first half of 2021.

Seventy-Three percent of those surveyed were either not too confident or confident at all that users of connected devices and related technologies are protected against cyberattacks. Several reasons for this lack of confidence were given: underdeveloped regulatory frameworks, rapid expansion of markets and companies in IoT and related technologies, technical limitations, lack of knowledge of end users, insufficient incentives for companies to protect users, and lack of standardization.

The implications of these threats and data breaches are severe. The report noted:

  • Financial losses reaching $10.5 trillion by 2025
  • Physical harm – increasing attacks on critical infrastructures, including utilities, schools, and hospitals
  • Reputational damage – according to a Forbes Insights report (Fallout: The Reputational Impact of IT Risk), 46% of organizations suffered reputational damage from a data breach and 19% suffered both reputational and brand damage due to third-party security breaches.
  • Productivity loss – cyberattacks create disruption or complete shutdown of processes, resulting in financial and productivity losses.

One of the key security issues identified in the report was that security considerations are typically addressed in the latter part of the design and prototyping phase, leading to vulnerabilities, and allowing malicious actors to breach connected systems and devices. Furthermore, the notion that security measures can be “add-ons” has strongly contributed to the reactive nature of cybersecurity vs. a proactive, security-by-design development approach.

Action Items

The authors concluded that the persistent governance gaps in standardized security and safety measures, as well as the fragmented policies and regulation surrounding cybersecurity, must be urgently addressed in the following areas:

  1. User awareness and education – users must be provided with the necessary education and training to ward off bad practices and avoid mistakes that may cause serious loses and adopt best practices, such as stronger password and authentication mechanisms, to help protect digital infrastructure.
  2. A unified approach to IoT and related technologies – governments and industries must create and follow common shared standards in their cybersecurity practices.
  3. Incorporation of security by design and by default, not by response – organizations and governments should focus on building a robust cybersecurity infrastructure from the design phase of a product to make systems as free of vulnerabilities and resistant to cyberattacks as possible.
  4. Policy and regulation – robust policies and regulations, including guidelines, standards of behavior, and best practices, must be in place to protect IoT and connected devices. Policymakers should be adaptive and work alongside experts in the field to develop these standards.

Wibu-Systems has been an early adopter and evangelist of a security-by-design approach for connected systems and devices. For additional reading and reference, we have several publications focused on IoT/IIoT security:

White Paper – Licensing and Security for the Internet of Things

Use Case – Securing the Backbone of Connected Industry

eBook – Security 4.0 by Default – Grown 4.0 by Design

Technical Report – Industrial Internet Security Framework

Login or register now and enjoy all the benefits of a community!

To get the whole functionality of IndustryArena Forum you need to login or register. This process is absolutely free.

Password forgotten?
Contact request
Guest Photo
Your message
The controller within the meaning of Art. 4(7) GDPR is: IndustryArena GmbH, Katzbergstraße 3, 40764 Langenfeld, Germany.
You may reach our data protection officer under [email protected].

Purpose of processing
We process your personal data concerning the use of the contact form and the communication with the company of the newsroom as well as the transmission of your data to this company in accordance to Art. 6 (1a) GDPR. This constitutes a legitimate interest for us in accordance to Art. 6 (1f) GDPR.

Recipient of the data
Within our organization, those units gain access to your data, which are necessary to fulfil the above purposes.
Personal data will only be transmitted to third parties if this is necessary for the aforementioned purposes or if another legal basis exists. If necessary, we conclude the corresponding data protection agreements with third parties, in particular pursuant to Art. 28 GDPR.

Data storing
Your data will be transmitted to the company of the newsroom for further processing. The period of storing is the duration of the processing of your request by the respective company.

Select contact person

Newsroom Logo

Design options

  • Title text color:
  • Content background:
  • Content text color:
  • Navigation background:
  • Tab text color:
  • Active tab text color:
  • Link text color:
  • Active link text color:
  • Background image Background color:

    How do you want to position the background-image?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the background image

  • Banner

    How do you like to align the banner?

    Please note: Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.

    Set the link for the banner

  • Skyscraper

    Set the link for the skyscraper

Please note:

Banners and skyscrapers are only saved for the current language. For other languages, change the language using the button at the top right.