The Case for Creating a Culture of Cybersecurity

“How can I ensure my IoT system is secure?”

This question is top of mind for every business deploying an industrial IoT system. At Temboo, we use cybersecurity best practices, such as TLS encryption, to safely transmit and store data, and advanced capability sandboxing to create layers of data access restrictions.

Creating a secure IoT system, however, goes beyond having a secure software platform. One of the most critical and overlooked challenges is creating a culture of cybersecurity within an organization.

At the 2018 NYSTAR Emerging Technology Showcase, Matt Plaks from Temboo’s Product Outreach team spoke with leaders in American manufacturing about cybersecurity and IoT. Here are the three key takeaways from his panel with other cybersecurity experts, including the Cybersecurity Coordinator at The Advanced Institute for Manufacturing, and the CEO of ComplyUp.

It is no longer the IT department’s responsibility to set up and manage cybersecurity standards (if it ever was).

As a strict software solution, Temboo and companies like us are only one piece of the cybersecurity puzzle. It’s critical that we start from a solid foundation in our understanding of what ‘cybersecurity’ encompasses.

So, what is cybersecurity?

Paul LaPorte, the Cybersecurity Coordinator at the Advanced Institute for Manufacturing, suggested that there are four parts to the ‘Chain of Security’:

  • Physical – can my information be accessed in the real world?
  • Network – can my information be accessed digitally?
  • Policy – are guidelines for handling information in place?
  • Training – are the above guidelines being communicated to employees and staff?

As LaPorte put it – your ‘Chain of Security’ is only as strong as its weakest link. This is worth reflecting on, as cybersecurity breaches are not always about stealing data.

You might be protected from online attacks with the best firewall available, but what if someone can access your physical systems? Consider the damage that could be done from physically stealing, altering, or destroying a mission-critical part of your operations.

No company is too small to be targeted by an attack.

This is true for a number of reasons:

  1. Most attacks are made with no specific target company in mind. The attackers cast a wide net across many targets in order to see whose systems they can compromise.
  2. Your business might be the target of a cyber attack for nothing more than practice as your attackers train for larger targets. Regardless of any malicious actions that may or may not be taken after a breach, the damage is done and your reputation has been tarnished.
  3. Attacks are often committed by competitors or disgruntled employees and/or customers – people with both indirect and direct intimate knowledge of a company. According to IBM’s 2016 Cyber Security Intelligence Index, 60% of cyber attacks were carried out by insiders. Of that 60%, three-quarters of attacks were done maliciously, while one quarter were done inadvertently (e.g. an employee gets phished or is tricked into sharing passwords via social engineering).

Cybersecurity breaches have tremendous financial, reputational, and legal implications.

The average direct cost for a small business to recover from a cybersecurity breach is $35,000. Consequences like downtime, system replacement, employee overtime, insurance premiums, and more all contribute to this direct cost. Paul LaPorte used small businesses as a baseline, but the potential damage from a cyber incident increases exponentially as company size increases.

Additionally, these cybersecurity incidents have indirect ripple effects: loss of customers, a damaged reputation, and potential legal actions (especially if you’re a part of a larger supply chain). And while larger companies might be able to weather such an incident, 60% of small businesses fail within 6 months of an effective attack, according to LaPorte.

Industrial IoT systems can transform business operations by providing increased visibility, enabling proactive decision making, and creating new business models. The security vulnerabilities of these complex systems of hardware, communication networks, and data servers can be managed by well-designed cybersecurity strategies.

For advice on cybersecurity best practices, consult experts at industrial IoT companies like Temboo, compliance experts at companies like ComplyUp, or cybersecurity advisors at the US government-backed Manufacturing USA institutes and the NIST Manufacturing Extension Partnership National Network.

To learn more about how businesses are successfully implementing industrial IoT systems, see Temboo’s case studies or get in touch at hey@temboo.com.
