Axon Consulting Partner, Álvaro Neira Rey, moderated the ‘Cybersecurity in IoT’ panel at 5G Techritory in Riga, Latvia last week and covered the challenges and risks facing the world as IoT devices boom.
With the exponential growth of IoT devices expected to reach 27 billion by 2025, the risks associated with their implementation have become increasingly critical. In this panel, experts in the field provided valuable insights into the future of cyber security in IoT and discussed effective strategies for mitigating the risk factors.
- Egons Bušs – Security Director, LMT
- Edgars Kiukucāns – Director of the Cybersecurity Policy Department, Ministry of Defence of Latvia
- Didzis Ozoliņš – Systems Engineer, Palo Alto Networks
- Dmitrijs Ņikitins – CTO, Tet Ltd.
Kicking off proceedings, Álvaro said: “IoT presents enormous opportunities for growth and progress, but it also exposes us to new and evolving threats. These threats include privacy violations, data breaches as well as the potential for malicious actors to take control over critical systems. The need for a robust IoT ecosystem has never been more pressing.”
The panel touched on how many IoT devices run on unsupported grounds on top of unsupported operating systems. Furthermore, the release of security fixes and software updates is rare, which in turn means that over time IoT devices become more and more vulnerable.
From this perspective, IoT devices are like a low hanging fruit and a stepping stone to get good inside an organisation’s network. Consequently, it becomes possible for an attacker to move horizontally and discover new, potentially critical or sensitive information.
The upshot, IoT security cannot be neglected, something as simple as the printer in an office may not be as innocent as it appears – in fact, it could provide a gateway or entry point for malicious attacks.
What are the most significant security risks and challenges when it comes to IoT devices and networks?
An interesting point that came from the discussion was that many organisations do not actually know how many devices are currently connected to their network, and even worse, they don’t know which of those connected devices are legitimate.
Many organisations also rely on network security tools like firewalls to protect IoT devices. The problem with this is that, nowadays, more and more traffic is encrypted, so it needs to be decrypted in order to inspect and to see what’s going on, however, not everything can be decrypted on the firewall for technical reasons so there are some challenges from this perspective and organisations may potentially miss threats to the network.
What is being done to advance IoT security?
The topic on IoT security is jumping up the agenda for governments throughout the world. In the EU for example, the Cyber Resilience Act, which is a proposal by the European Commission. The basis of the act is to set minimum security requirements for connected devices, but also make manufacturers responsible for ensuring that their products are digitally secure, while enabling customers to have greater information regarding the security of the devices.
Overall, although we are seeing advancements in IoT security technologies and IoT cybersecurity is not a problem that should be solved by any single entity or technology – it requires a collaborative effort from governments corporates researchers and individuals.