By Joe Robertson, Director of information security and EMEA CISO at Fortinet
The way businesses operate is changing as a result of digitization. Because it is the fourth manufacturing revolution, this transition is often referred to as the Fourth Industrial Revolution or Industry 4.0. Mechanization was the first industrial revolution, followed by mass production and assembly lines powered by electricity, and finally, the introduction of computers and automation.
The Fourth Industrial Revolution has arrived, with firms undergoing a digital transformation characterised by automation, artificial intelligence (AI), and rapid technical innovation. With automation and data interchange, such as the Internet of Things (IoT) and the Industrial Internet of Things, industrial processes and machines are becoming smarter and more modular (IIoT). These intelligent, always-connected gadgets deliver real-time contextual information with minimal overhead, allowing businesses to streamline operations and improve how they interact,live and work.
It’s no surprise that McKinsey predicted that investments in IoT technology will expand at a 13.5 percent annual rate through 2022. The rise of the Internet of Things is contributing to a surge in manufacturing and industrial data. This information is being gathered and analysed in order to boost productivity, track activities, and improve predictive maintenance. Because IoT and IIoT devices handle so much business-critical data, enterprises must take precautions to protect their equipment.
Cybercriminals have taken notice of digital, and are looking to exploit IoT and IIoT as weak links in the data chain. Even the finest businesses are challenged by the growing volume of structured and unstructured data created by these devices, as well as their frequently abnormal behaviour spanning worldwide ecosystems. The fact that many of these devices are wireless (WLAN or 5G) and have communication routes to their manufacturers for maintenance and troubleshooting can make them a possible backdoor into the production network further complicates the matter.
The majority of businesses are unprepared for IoT and IIoT device risks. Traditional siloed security solutions face a significant challenge due to widespread interconnectedness across devices, users, and distant networks. Concentrating defences on a single network node is becoming less and less effective. Cybercriminals can take advantage of blind spots created by a lack of single-view visibility across devices, users, and the entire network. According to an EY survey, nearly half of businesses are concerned about their inability to track security across IoT and IIoT assets, keep them virus-free, and fix vulnerabilities. Comingling IIoT devices with wired devices on the same network segments adds to the complexity, making it difficult to know exactly what is linked where.
In terms of security, IoT and IIoT devices pose a lot of threats. The majority of these gadgets were not developed with security in mind, which is one of the issues. Many of them are headless, meaning they lack a typical operating system as well as the memory and processing capacity necessary to implement security or install a security client. Furthermore, an alarming percentage of gadgets have hard-coded passwords in their firmware.
As a result, many IoT devices are unable to be patched or upgraded. Even when security can be placed on the device, the underlying installed software is frequently hacked together from publicly available code or is untested, which implies that most installed security tools can be bypassed by leveraging a wide range of known flaws. Furthermore, most IIoT and IoT devices are either limited or non-configurable. When devices are hacked, most IT businesses believe they are unlikely to identify the incident before it has an impact on their systems and data.
Authentication, key and credential management, and other capabilities are being promoted by some businesses to address these concerns. However, these tools must be thoroughly evaluated, incorporated into the network architecture, and regularly updated, controlled, and monitored. So, what is the solution? It’s not enough to bury your head in the sand. Most organisations rely on IoT and IIoT devices, and they’re here to stay. It’s critical to think of IIoT as a part of your overall security strategy rather than as separate components. Here are a few more suggestions for safeguarding this technology:
Unfortunately, IIoT devices aren’t always designed with security in mind, and securing every device on your network might be difficult. As a result, enterprises must act quickly to defend their systems against assault.
A new generation of solutions is assisting companies in dealing with today’s ever-increasing attack surface, providing not only network visibility but also policy enforcement and dynamic policy control. Regardless of whether devices connect from inside or outside the network, they can detect and respond to hacked devices or unusual activities automatically.
Fortinet has created technologies, services, and tools that are specifically designed to fulfil the operational and regulatory needs of industrial and manufacturing networks. The Fortinet Security Fabric technology takes a cybersecurity mesh architectural approach, with centralised management and a unified context-aware security policy that enables total visibility and granular control throughout the whole business.