With the growing popularity of internet of things (IOT), industrial control systems (ICS) have since turned to IP connectivity for the next stage of industrialization. These systems are often responsible for critical industries like gas, electric, and manufacturing plants -- and are now susceptible to the ills of poor IOT cybersecurity.
Cyber attacks against public or defenseless IOT systems have only increased since its adoption in 2013. As corporations of all sizes wholeheartedly embraced IOT systems, consumers were warned of its complex implementation and inevitable vulnerability to outside malware attacks. With IOT, attackers in search of crucial data or system control can now leverage cyberwarfare capable of disrupting entire industries and countries.
To avoid such onslaught, corporations should proactive in determining and correct defense pitfalls in their internet of things or industrial control systems. Perimeter security should evolve to address the mounting evidence in favor of stronger internet of things cybersecurity. Here are a few reasons to reconsider your current ICS/IOT cybersecurity:
#1 - ICS Systems are Becoming More Vulnerable
Organizations that depend on industrial control systems to operate effectively may be unaware that such systems are considerably defenseless. By 2016, the cybersecurity firm FireEye reported over 1500 vulnerabilities within industrial control systems via their annual iSIGHT Intelligence reports. Over half of these vulnerabilities were considered high risk to users, and targeted critical network equipment like switches, gateways, and interface converters.
IOT can increase the number of vulnerabilities in internet-connected ICS systems, leaving unsuspecting organizations open to attackers hunting for critical access points. With IOT, attackers can remotely exploit ICS vulnerabilities without needing to steal access privileges to targeted systems.
Companies can better secure their industrial control systems by improving user authentication processes, updating outdated hardware, increasing the amount of integrity checks, and monitoring third-party software (where applicable.)
#2 - Internet of Things Security Issues are Becoming More Complex
With IOT connecting more devices each year, Business Insider (BI) Intelligence predicts that there will be 24 billion IOT-capable devices by 2020. Such growth offers incredible benefits, like more efficient communication and implementation of tasks in and outside of the office. However, such growth can offer unavoidable security risks. When companies fail to configure or implement access controls, they leave themselves open to attack. But as IOT continues to advance, enforcing cybersecurity becomes more complicated.
Other security gaps like old firmware or release patches can create vulnerabilities in IOT systems. If an IOT manufacturer fails to provide support to less savvy consumers, more users can find themselves at risk. Users should consider IOT security and privacy to be their priority if they want to universally defend data and networks from attacks.
#3 - You’ve Already Been Exposed (and Don’t Know It)
Many companies utilizing ICS may have fallen prey to internet of things-related security risks without knowing it. According to a research report conducted by the UK-based security firm Positive Technologies, some unprotected industrial control systems can be accessed by Google or Shodan searches, and are increasingly exposed to the public every year. In fact, the firm determined a nearly 10% increase in the number of available IP addresses linked to ICS components in 2017, with key nations like Germany, China, and France left exposed to the public. Approximately 42% of internet-accessible ICS components were based in the United States alone.
Because industrial control systems can oversee important business processes, an ICS attack can mean more than lost revenue or production delays -- they can impact lives. Companies with ICS should take the steps to develop and maintain a defense policy that outlines how to keep their ICS components secure. This can include anything from installing security updates as they become available, and auditing their current system for security gaps.
An IOT attack isn’t always avoidable, but they can be preventable. By developing and executing a comprehensive cybersecurity strategy, companies employing healthy ICS or IOT systems can ensure that business operations continue smoothly, sheltered from the attackers that seek to impact businesses, countries, and livelihoods.
Sources:
http://www.computerweekly.com/news/252434299/Industrial-cyber-security-continues-to-be-poor-warns-report?
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ICS-Security-2017-eng.pdf
http://www.computerweekly.com/news/450416794/Six-key-security-weaknesses-in-industrial-systems
https://www.atlanticbt.com/blog/3-threats-and-3-benefits-of-the-internet-of-things/
http://www.zdnet.com/article/3-things-you-need-to-know-about-cybersecurity-in-an-iot-and-mobile-world/
https://hbr.org/2017/12/the-internet-of-things-is-going-to-change-everything-about-cybersecurity
http://www.dataversity.net/brief-history-internet-things/
https://www2.fireeye.com/WEB-Subversive-Six_RPT.html
