By Pat Pickren, Vice President of Product at LocatorX
Internet of things (IoT) applications are transforming enterprise efficiency – but they’re also introducing new threats.
As IoT apps progress toward a potential $11 trillion economic impact by 2025, businesses are increasingly benefiting from IoT-driven technology like smart labels.
But cybercriminals also see an opportunity in the IoT market, developing sophisticated new strains of IoT-focused malware. In order to truly benefit from IoT tools, businesses must deploy a strategy to avoid these emerging risks.
The promise of IoT
Today’s savviest companies are embracing IoT to create efficiencies in the workplace, increase productivity and remain competitive within their industries. And that should come as no surprise – the benefits of IoT are numerous and well-documented.
IoT technology can help reduce operating costs, enhance operational efficiency and strengthen customer service and experience. Most importantly, investing in next-gen solutions like IoT will free up your workforce, giving employees more time to ideate, innovate and outpace the competition.
One space where IoT is rapidly creating new efficiencies is within the supply chain. Internet-enabled assets can be tracked and managed down to an individual level, providing real-time visibility of products as they make their way through the supply chain.
Smart labels, which can be attached to essentially any product from drones to avocados, provide valuable information to manufacturers, distributors and consumers through a simple smartphone scan.
Aside from the obvious logistical advantages, smart labels can also help manufacturers reduce the number of counterfeit products in the market, minimize product diversion and deter theft. From the consumer’s perspective, access to a full history ensures a product is safe, genuine and in good condition, which verifies its legitimacy and establishes brand trust.
The risk of IoT
But, as is often the case with emerging tech, there are risks involved with IoT applications. Connecting anything to the internet automatically opens up the possibility of security and privacy threats. And as more connected devices enter the market on a daily basis, more opportunities for cyber criminals to attack are created.
According to their mid-year report, the security firm SonicWall observed 13.5 million IoT malware attacks in the first half of 2019 alone – a 55% increase compared to the first half of 2018. Recent news detailing hackers’ latest exploits include reports of attacks on smart meters and plans to target internet-connected gas pumps. Earlier this month, a 21-year-old Washington man pleaded guilty to hacking more than 800,000 home routers, security cameras and other IoT devices.
Now that virtually any object is capable of connecting to the internet, that means virtually any object is capable of being hacked. If we return to our supply chain example, we can envision a potential scenario in which hackers attack IoT-based inventory systems, rerouting deliveries to aid product theft, costing manufacturers both money and consumer trust.
In large part, the notoriously weak security on IoT devices is to blame. A new report from security firm Zscaler found that over 90% of data transactions on IoT devices are unencrypted. Common IoT devices including healthcare tools, traffic light control systems, home routers and smart home products have very little security. Botnets are easily capable of exploiting these remotely accessible and unsecured devices, especially those with factory-set or easy-to-guess passwords.
IoT best practices for businesses
As cybercriminals mount increasingly sophisticated IoT-based attacks, businesses need a proactive strategy. These tips will get you started:
Know the basics: As we’ve seen in the examples above, hackers target IoT devices with weak security. A few simple steps – like changing default passwords, establishing manual override and continuously updating and patching software – can go a long way in malware prevention. Similarly, a Virtual Private Network (VPN) is one of the best methods for encrypting your internet traffic.
Invest in public-key cryptography: Currently, the only proven tactic to prevent or lessen data breaches is the public-private key exchange, where public keys may be disseminated widely while private keys are known only to the owner. For example, the smart labels mentioned above contain certified QR codes (also known as 2D barcodes), which securely track and share data via a globally trusted gateway site. When a manufacturer, distributor or end user scans the code, their internet-connected device can connect to a cloud service acting as a product certificate authority to confirm the authenticity of the product. The product certificate authority then becomes a central hub for safely tracking products and sharing data on the product.
Seek out trusted partners and solutions: You might not be a cybersecurity expert, and that’s OK. But you should find partners you can trust at every organisational level, from the suppliers you’re working with, to the facilities where your product is manufactured, to legal advisors who know the current regulatory rules inside and out. When comparing specific IoT solutions, look for those that integrate tracking, validation and security into all of their offerings.
IoT is essential for almost any industry to stay competitive today, but malware attacks don’t have to be inevitable. The internet of things is here to stay, so take your time when assessing options to ensure safe, trusted and secure solutions for your business.
About the author
Pat is the Vice President of Product at LocatorX, responsible for LocatorX’s growing product management team. Pat oversees LocatorX’s product initiatives and brings a wealth of knowledge and experience to the role.
Previously, Pat was with Ultimate Software for over 12 years in product management – most recently as Senior Director of Product Strategy. In his nearly 20 year career, he has experience working with software and technology companies such as Ceridian and RSM McGladrey Employer Services.