IT study reveals glaring vulnerabilities: Industry must protect IoT controls
Industrial systems are moving into hackers' focus worldwide and pose enormous risks
Düsseldorf/Germany, June 2, 2022 – With the increasing use of intelligent machines integrated into an entire manufacturing network, the risk of hacker attacks is rising enormously. An IT study reveals that many industrial companies are barely aware of this risk and therefore have not implemented compliance rules for the acquisition and operation of IoT equipment. Just over half of the more than 300 business representatives surveyed said their companies have compliance rules for IoT security, while 35 percent have no rules at all. The figures were obtained by the IT company ONEKEY as part of its "IoT Security Report 2022." "Connected manufacturing is as efficient as it is dangerous. Plants have numerous hardware devices that use their own firmware and are more than ever the focus of hackers," warns Jan Wendenburg, CEO of ONEKEY. The company, which specializes in IT security, operates an automated analysis platform for the software of network-connected smart products, in particular intelligent industrial control systems and production plants. To secure IoT infrastructures, most companies rely on threat analyses (50 percent) and contractual requirements for suppliers (42 percent). "This settles the question of liability in case of doubt – but companies do not realize that a determined attack on manufacturing equipment can threaten a company's existence within a few days," says Jan Wendenburg of ONEKEY.
Role model process industry
The uncertainty shows in how much confidence the more than 300 business representatives surveyed for the study have in their own IT security measures: only 26 percent consider their own IoT security to be fully sufficient, and 49 percent only partially sufficient. Almost 15 percent even consider their own measures to be insufficient or deficient. Even penetration testing is not fully trusted – only 14 percent see it as an efficient way to test the security of an infrastructure; 68 percent see it as partially efficient. "The problem needs to be addressed at the root, right during the production of devices, machines and endpoints. The IT industry could take a cue from the process industry – the pharmaceutical industry, for example. There, it is a legal requirement to provide complete traceability and transparency for every component of a product. This should equally be standard in the IT sector to eliminate the risks posed by easily hackable firmware in production equipment and other endpoints. Every piece of unknown software on a device or a simple component of a device is a black hole with full risk of being attacked by a hacker or entire groups," says Jan Wendenburg, CEO of ONEKEY. Such a record of components, known as a software bill of materials (SBOM), is supported by 75 percent of the respondents.
Study reinforces demand for proof of origin
Meanwhile, the damage can quickly run into the millions: 35 percent of the IT managers and decision-makers surveyed for the study consider annual damage of up to 100 million euros to be realistic, another 24 percent even up to 500 million, and 17 percent more than 500 million euros. "Since the figures were requested between January and February 2022, a far more dramatic picture can be painted now. Since we know that IT attacks are also part of warfare, we must protect ourselves even better. Especially since we can expect a further increase in industrial espionage as a result of the sanctions. Here, too, weaknesses in firmware can favor the intrusion of hackers and can even make them almost invisible, because classic security measures often fail when hacked via industrial systems or devices," explains Jan Wendenburg of ONEKEY.
About ONEKEY:
ONEKEY (formerly IoT Inspector) is the leading European platform for automated security & compliance analysis for devices in industry (IIoT), manufacturing (OT) and the Internet of Things (IoT). Using automatically generated "Digital Twins" and "Software Bill of Materials (SBOM)" of the devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, completely without source code, device or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically fixed. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors and users of IoT technology to quickly and automatically check security and compliance before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.
Further Information: ONEKEY GmbH, Kaiserswerther Straße 45, 40477 Düsseldorf, Germany, Sara Fortmann, E-Mail: sara.fortmann@onekey.com, Web: www.onekey.com PR Agency: euromarcom public relations GmbH, Mühlhohle 2, 65205 Wiesbaden, Germany, Phone: +49 611 9731 50, E-Mail: team@euromarcom.de, Web: www.euromarcom.de