Tailored services for a safer connected business

IoT Cybersecurity

The number of reported IoT vulnerabilities have skyrocketed exponentially in the recent years, we believe the time to act is now.
The Global IoT Cybersecurity State

IoT Security Today is Remarkably Neglected

98%

of all global IoT traffic partly or fully lacks encryption.

57%

of deployed IoT devices are vulnerable to medium- or high-severity attacks.

90%

of business leaders lack cybersecurity confidence in their deployed IoT solutions.

About IoT/OT Cybersecurity

The Internet of Things (IoT) is Everywhere

IoT is the backbone of any connected business – it’s the core to be able to take completely data-driven decisions, both in your day-to-day operations and in relation to your strategic direction.

IoT – in various contexts and use-cases also referred to as M2M, Telematics & OT represents the solution that enables real-time visibility into how your products and processes are performing. By connecting your product’s sensors over a secure and reliable network you can automate action-taking based on real-time measurements and triggers.

Over 20 Billion IoT Devices Connected

And about 127 more being connected every second, it’s a fact that IoT has already and is going to continue to play a major role in enterprise digitalization across all sectors.

From tracking of goods – to real-time monitoring of electricity utilities – to taking remote ECGs on patients – to optimizing the fleet performance of construction machines – to digital payments – it is everywhere.

Connecting your product gives you measurements – these measurements are turned into insights – and this insight enables you to take calculated decisions based on the right information.

A Safe Digital Future with IoT

Our Two Branches of IoT

We have segmented IoT into two branches to enable profiled best practices and service adoption fit for purpose – Cybersecurity for Massive IoT and Cybersecurity for Critical IoT.

Massive IoT

Massive IoT typically comprises low-cost, low-energy, and data-consuming devices deployed in large-scale numbers leveraging NB-IoT/CAT-M & LoRa – typically for Smart Metering, Climate Monitoring, and similar Remote Monitoring use-cases.

Critical IoT (IIoT/OT)

Critical IoT enables applications requiring high reliability, high-throughput, and ultra-low latency. The typical use-cases are seen within Industrial Automation with connected ICS/Scada systems (OT). Networks with high availability are used, e.g., 5G, Wi-Fi 6, and Fiber.

Frequently Asked Questions about IoT/OT Cybersecurity

The OWASP IoT cybersecurity framework lists the top ten threats to IoT devices and solutions as follows:

  • #1 : Weak, Guessable, or Hardcoded Passwords
  • #2 : Insecure Network Services
  • #3 : Insecure Ecosystem Interfaces
  • #4 : Lack of Secure Update Mechanism
  • #5 : Use of Insecure or Outdated Components
  • #6 : Insufficient Privacy Protection
  • #7 : Insecure Data Transfer and Storage
  • #8 : Lack of Device Management
  • #9 : Insecure Default Settings
  • #10 : Lack of Physical Hardening

By addressing the top ten threats you bring cybersecurity hygiene toolsets and process to better protect your IoT environment.

IoT cybersecurity differentiate in nature from IT cybersecurity because the devices are connected to the physical world and the device life cycle is 10 to 20 years or more. In Industrial IoT & OT environments the life cycle can be as long as up to 40+ years. Apart from these fundamental differences, there are a few characteristics that adds to the complexity.

  • Deployment Environment – IoT devices typically are deployed in ‘hostile environments’, leaving them vulnerable for tampering. Protect your devices with physical hardening
  • Device Variety – there are significantly more variants of IoT devices as well as networks than what’s typically seen within enterprise IT. Asset and device management is crucial to stay in control of your mixed fleet of devices
  • Device Volumes – the number of IoT devices deployed globally is measured in double-digit billions, IoT already represents the majority of all connected devices. Managing devices at hyper-scale volumes require a lifecycle management that is considerably different from management of enterprise IT devices
  • Real World Impact – in the event of a breach, outage of an IoT device or IoT solution can have fatal impact on real-world products, process, and people. Medical devices, cooling systems in industries or robots compromised can have real-time visible impact with people getting hurt or worse. Deploying IoT & OT instantly changes the risk profile for enterprises and hence the cybersecurity needs investments in-size with the risk
  • Organization & Decision-Making – given that IoT bridges information systems (controlled by the CIO) and operational process and systems (controlled by the COO), there’s a risk that different points of views on whether cybersecurity is a protector or a barrier for growth
  • Change Management – in contrast to enterprise IT – the majority of IoT and OT systems comprise legacy and unsupported equipment. Cybersecurity for IoT & OT needs to be addressed differently because much of the equipment is unsuitable traditional tools
  • Availability – in IoT solutions, and especially in Industrial IoT/OT environments the operational uptime is of highest priority. In contrast to enterprise IT, where delays are usually accepted, IoT environments need to operate 24/7/365.

IoT enables real-time visibility into how products and processes are performing. Connected sensors enables remote monitoring and control, from anywhere.

On high-level, this is how IoT works:

  • #1 : Sensors are installed on the product or process to collect measurements (anything can be measured, e.g. temperature, humidity, pressure, distance, light, volume, gyroscope, motion, acceleration, location, flow, sound or moisture)
  • #2 : The sensor is connected to an IoT device which reads the sensor measurements (for lightweight and Massive IoT use-cases, the device and the sensor can be combined)
  • #3 : The device then transmits these measurements to a centralized telemetry hub
  • #4 : The network used can be wireless (e.g., cellular, Wi-Fi, LoRa) or fixed (fiber, ethernet)
  • #5 : In the telemetry hub the data is routed to a time-series storage, typically in the cloud
  • #6 : The telemetry data is aggregated and grouped to enable analytics scenarios
  • #7 : A business intelligence tool (e.g. Power BI/QlikView) is used to create insights
  • #8 : Data-driven automation is adopted, which enables remote optimization

Above example is applicable in Massive IoT solutions. OT environments and Industrial Control Systems involves different components where most monitoring and control happens on-site locally.

We’re always interested in strengthening our expertise within the IoT, OT, and Telecom arenas. If you have a strong background in IoT engineering (both within the device and cloud layers), IoT networking (both wireless incl., cellular and fixed), IoT product management, GTM, and marketing, we value your experience and believe that it can make a difference to build a safer digital future.

See our Career Site for open job positions in the IoT team. Make sure that you connect to also get notifications on new positions available.

News
Managed Detection for IIoT/OT/ICS Networks

Introducing Detect and Disarm for Industrial IoT/OT

Read more
Featured image
News
Tailored services for a safer connected business

Truesec Launches IoT Cybersecurity Domain

Read more
Featured image

Detect and Disarm for Industrial IoT/OT

Detect and Disarm for Industrial IoT/OT extends our SOC with IIoT/OT-aware behavioral analytics and threat intelligence.

Through agentless NDR monitoring, we bring full visibility into assets and risks in your Industrial IoT/OT environments to enable real-time threat monitoring.

This service is seamlessly integrated with all our existing EDR and XDR services to enable interoperability across IT-IoT-OT and a holistic detection; however, it can also be provided as a separate service in those scenarios where it’s needed.

In addition to 24/7/365 managed detection of your IIoT/OT environment we also bring insights into:
  • Asset Discovery – “What devices do I have?”
  • Network Mapping – “How are the device connected?”
  • Vulnerability Management – “What vulnerabilities do I have?”
  • Risk Management – “How do I prioritize mitigation?”
  • Threat Monitoring – “Are there any active threats and how do I stop them?”
  • Operational Efficiency – “Where is this unexpected packet flood coming from?”

Contact Our IoT Cybersecurity Team

We provide a tailored set of services and advice to support enterprises in building secure and sustainable IoT/OT. Whether you are new to IoT or have a fully operational global IoT deployment, we work with companies of all sizes in any industry. Don't hesitate to reach out to our IoT experts if you have questions, inquires or other thoughts.