https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Getty Images

IoT Security

A Human Prescription to Internet of Things Security

Implementing an Internet of Things security strategy requires confronting cultural as well as technical challenges.
  • Written by Marcia Elaine Walker, SAS
  • 18th November 2018

While Internet of Things (IoT) technology is much talked about for its transformative business applications, especially in manufacturing, the ominous threat of cybersecurity causes some to skeptically view such a broad network of devices, sensors, software and connectivity. A stream of news reports detailing massive data breaches validates the danger inherent to IoT challenges.

With estimates that connected devices could reach 20 billion to 30 billion by 2020, up from 10 billion to 15 billion devices in 2015, according to McKinsey and Co., the risk will surely grow. In my IoT conversations with enterprise IT leaders, the number one concern they express is security.

But digitally-driven organizations can take valuable steps to maintain data integrity from a source through any point of analysis and decision support, both central and local, to enhance confidence that data assets are secure. Surprisingly, though, the most important steps in addressing Internet of Things security might have less to do with technology and more to do with corporate culture and employee behaviors.

So, what are some of the most important Internet of Things security measures a manufacturer can implement immediately to help keep data and networks more secure? Let’s look at the most important ones.

Assess culture. The most vital step and one that requires little or no incremental cost is an honest cultural assessment. Ask open questions, perhaps using a tool that allows for anonymity, about the practices that drive users crazy and motivate them to create the dreaded “shadow IT.”

For example, if it takes four weeks for the IT department to generate a customer report for the shipping department, the shipping team may maintain their own copy of customer data on a cloud storage site. Anyone on the shipping team can now download the customer data file to their laptops to get their weekly staff reports done in time for the staff meetings. But consider the risk to your organization if one of those laptops is lost or stolen.   

Honest metrics. Similarly, take a hard look at organizational metrics, and ask what kind of behaviors they drive that could be counterproductive to security. If maintenance engineers are on call and investigate every alarm, regardless of severity – even if it happens at 2 a.m. – they might very well be motivated to install a 4G-enabled video camera to keep an eye on the facility from home. This seemingly harmless hack would allow them to “check things out” without driving across town in the middle of the night.

However, those sleep-deprived engineers might not inform IT about this workaround. A 4G hotspot—or the camera itself—might be installed in a way that unfortunately provides hackers an entry point to the rest of your organization. Look at your organization holistically and remember the human element.

Shadow IT. The best fix for shadow IT actions is an “amnesty period” allowing users to come forward and declare their unauthorized technology with no negative consequences. Their problems can then be addressed in a manner consistent with the company’s security strategy. Once this is completed and strong security implemented, it can also help to hire a “white hat” hacker organization to try to penetrate network defenses. An ethical hacker will think in ways that an insider won’t. Too often the weak points found will have more to do with human factors than the technology itself.

Ongoing cybersecurity. For the longer term, it is essential for an organization to understand that cybersecurity is an ongoing process – not a once-and-done exercise. Users tend to become complacent over time, so periodic spot checks are essential, as are regular formal security audits.

With or without budget constraints, effective cybersecurity training for everyone in the organization is essential, as is establishing a culture that values IT security. Believe it or not, some staffers still aren’t aware of the danger of clicking on a link received by email.

Furthermore, corporate leaders must demonstrate through their own behavior that it is normal and expected to question things. For example, model how to politely yet effectively question strangers in the hallways as to the purpose of their visit and who their employee contact is – then walk them over to that employee. Start each meeting with a security reminder to keep it top of mind just as manufacturing companies have done for many years around physical safety.

While it is true that the above security measures are valid for all technology deployments – not just IoT – it is even more true for an IoT-enabled enterprise because of the breadth of its reach. The human and cultural elements can make or break your IoT security strategy.

Marcia Elaine Walker is the Principal Industry Consultant for Manufacturing at SAS. Follow her on LinkedIn or @MWEnergy on Twitter. Follow SAS news @SASsoftware on Twitter.

Tags: IIoT/Manufacturing Security How-to Features

Related


  • Key Considerations for Smart Light Switch Development
    Experts from Silicon Labs and Jasco Products discuss some of the most important considerations to keep in mind when designing a smart light switch, from hardware selection to determining which features to include in the final product. It’s important to consider the size of the device and regulatory requirements because these will influence so many […]
  • Picking a Path: Build Versus Buy
    Every organization in our digital world must determine whether it is better to buy commercial off-the-shelf (COTS) software or build software that directly meets their needs. For many years, the argument has strongly favored buy. Historically, COTS has had several advantages: faster time-to-market, lower engineering costs, lower risk and immediate deployment for use. In this […]
  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.

2 comments

  1. Avatar Mark Ross 20th November 2018 @ 8:19 pm
    Reply

    Hello Marcia, enjoyed your article, would like to ask you a question. In the event that there is no 100% completely honest culture, what’s the best solution to preventing security break-downs?

    • Avatar Marcia Walker 26th November 2018 @ 2:31 pm
      Reply

      Mark: Thank you for your question. I believe no culture is 100% honest, in large part because no person is ever 100% honest with *themselves*. We see things through filter upon filter of expectations, experiences, beliefs, and patterns and thus even when we think we see or know the truth – we are probably mistaken. I can point to dozens of examples where I was completely certain that I was right about something – and I was completely wrong. In answer to your question a good starting place might be to ask, “How am I not being honest with myself?” “What might be here that I am not seeing?” and “If others are not being honest, why might that be and what can I do to change that?” Establishing an ethical culture is essential for sustainable organizations; the Ethisphere Institute has published interesting research here and also offers assessment and tips. Finally, it is important to take a good, hard look at power dynamics. Imbalances in power, whether real or perceived, can lead people to hide things out of fear. Training individuals with real or perceived power to be aware of the experiences and perceptions of those with lesser power can go a long way to getting everyone to open up.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • An Integrated Approach to IoT Security
  • Industrial Augmented Reality Promises Remote Support
  • Securing IoT at the Edge Is Key to Safe IoT Operations
  • Industrial Transformation Faces Rocky Road in 2020

Roundups

View all

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

This white paper by @braincubeEn explores how the changes of 2020 and 2021 are shaping the future of #IIoT. Learn w… twitter.com/i/web/status/1…

27th May 2022
IoTWorldToday, IoTWorldSeries

UK Investing $50M for Self-Driving Buses, Vans dlvr.it/SR9QlJ https://t.co/sQdX2tJY4d

27th May 2022
IoTWorldToday, IoTWorldSeries

Dubai to Use Satellite IoT Terminals for Utilities Industry dlvr.it/SR9NQB https://t.co/GXf9Gx5RCw

27th May 2022
IoTWorldToday, IoTWorldSeries

@BerkshireGrey’s AI-powered next-gen warehouse robot is helping retailers by cutting times for order fulfillment, u… twitter.com/i/web/status/1…

27th May 2022
IoTWorldToday, IoTWorldSeries

Access the insights on IoT deployments, emerging tech and new applications now. Sign up to our dedicated… twitter.com/i/web/status/1…

27th May 2022
IoTWorldToday, IoTWorldSeries

Survey finds there's a lot of on-campus affinity for @StarshipRobots delivery #robots. dlvr.it/SR79YR https://t.co/73EaFPR6ft

26th May 2022
IoTWorldToday, IoTWorldSeries

That latest #IoT deals and partnerships news from @Google, @RedHat, @Arm, @SierraWireless, @ItronInc and more!… twitter.com/i/web/status/1…

26th May 2022
IoTWorldToday, IoTWorldSeries

@Ford is testing #geofencing tech that automatically cuts vehicle speeds. iotworldtoday.com/2022/05/26/for…

26th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X