Security and Trust Issues in IoT

Pod Group
Security and Trust Issues in IoT
Illustration: © IoT For All

COVID-19 normalized working from home across a number of industries, which has been welcome news for many. However, one of the unintended consequences of the switch to the home office has been a huge increase in security threats. A survey from Atlas VPN suggests that almost 80 percent of businesses worldwide have suffered from increased security breaches as a result of staff working remotely.

Such is the impact of ransomware that Mandiant, one of the market leaders in resolving issues caused by attacks, are swamped with demand for its services and can no longer cope with it, as their CTO revealed in an interview with NBC News.

While security has always been a consideration for many enterprises, it has not been the number one priority, with security considerations often being added in the developmental stage. However, with the past decade showing a massive increase in malware attacks (up 6500 percent), a change must be made.

Security Issues in IoT

The IoT industry is predicted to expand exponentially in the coming years but cannot possibly continue to exist without putting in place reliable end-to-end security measures. The IoT market is so diverse that a flexible security framework and light-touch regulation are necessary in order to guarantee the security of the market, while also encouraging growth and successful development.

It is quite paradoxical that securing IoT has proven such an impossible task when doing so seems fundamental to its functioning. Until recently, legislation on-device security has been inconsistent geographically, with different laws introduced in different states and countries.

IoT also brings its own set of peculiar challenges. The variety in IoT devices is great, and many are small in size and memory capacity. As a result, these devices lack the complex processing capabilities necessary to support cryptographic functionality, and, in some cases, their operating systems cannot be updated to cope with new threats. All of this, along with their tendency to be located in vulnerable locations, makes IoT devices easy targets for tampering and leads to an abundance of security issues in IoT.

IoT Security Solutions

One of the ways IoT has sought to tackle these issues is with the development of eSIMs. Evolved from removable SIM cards, the eSIM is permanently soldered into an IoT device’s motherboard. It acts as the device’s admission ticket to the internet or appropriate network. Because of the way the eSIM is embedded (hence the e) into the device, they are physically tamper-proof, unlike a traditional removable SIM card.

The eSIM can also contain customizable applets, adding extra levels of security to the data being transmitted and received. The eSIM acts as a kind of security service for IoT, ensuring the transmitted data is genuine. Furthermore, eSIMs can be updated with new settings remotely, enabling them to cope with new threats as they emerge.

Another security solution within IoT is the creation of private LTE networks, also known as private cellular networks (PCNs). Wi-Fi has coverage issues over large areas and more importantly, security flaws. PCNs are able to provide network coverage over a large area while offering the same security offered by cellular coverage.

A private network could also be located behind a corporate firewall, meaning the network can bring data together from multiple systems without relying on the public internet. Furthermore, a connectivity service provider, like an Enterprise Network Operator (ENO), can recognize and isolate any bad actors that do manage to get inside the system.

Security by Design

Cybersecurity cannot continue as it has done and the importance of being cyber risk-aware at all times cannot be understated. Companies must take it upon themselves to embed security from the beginning and at every stage of the IoT value chain, rather than retrofitting it as an afterthought. This methodology, known as Security by Design, is vital in order to enable a secure and trusted market that all stakeholders can rely on for security issues in IoT.

Only in this way can enterprises build trust, protect their customers, and respond to emerging requirements with a unified and collaborative approach. Trust must be the creed upon which IoT is founded, not just at the enterprise-customer level, but also between devices in any network. After all, how can we connect billions of devices and harness them to work together without trust?

Pod Group
Pod Group
Pod Group, A Giesecke+Devrient Company, is an Enterprise Network Operator (ENO) dedicated to providing IoT connectivity solutions to put the ownership of the IoT network into the hands of the enterprise by offering managed services on both public ...
Pod Group, A Giesecke+Devrient Company, is an Enterprise Network Operator (ENO) dedicated to providing IoT connectivity solutions to put the ownership of the IoT network into the hands of the enterprise by offering managed services on both public ...