ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

How organisations can mitigate IoT and IIoT security risks

By Contributor
Wed 6 Jul 2022

Article by Wavelink* CEO Ilan Rubin

The digital industrial revolution in the wake of the COVID-19 pandemic has sparked intense growth for the Internet of Things (IoT) and Industrial Internet of Things (IIoT) markets. However, these game-changing technologies have security risks that must be addressed for organisations to reap the full benefits. As organisations increasingly rely on IoT and IIoT to manage critical business systems, finding the right security approach is essential.

IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured. This puts organisations in danger of cyber threats such as device hijacking, data breaches or siphoning, device theft, spoofing, and denial of service attacks. These types of attacks have severe operational, financial, safety and reputational outcomes for organisations.

This is especially concerning because organisations trust technology to gather sensitive data, connect virtual and physical environments, manage production workflows and predictive maintenance, including safety aspects, and dynamically interact with each other. When trusting technology to this extent, it is critical to ensure organisations have the right policies to mitigate risks and reduce the impact of a cyber breach.

A key issue is that IoT and IIoT devices were not designed to be secure, with many having passwords hard-coded into their firmware, making it difficult for security to be patched or updated. Even if security is installed on a device, it can be circumvented in most cases by exploiting a wide range of known vulnerabilities. When IoT or IIoT devices are compromised, IT teams may find it challenging to detect an event before it impacts systems and data.

There are five ways to mitigate IoT and IIoT security risks. As part of this approach, it is important to consider the IoT/IIoT environment holistically and not as separate components or devices.

  1. Segment the production environment so that all IIoT and wireless devices sit outside of the supervisory control and data acquisition (SCADA) or industrial control system (ICS) network. In many cases, micro-segmentation is required to only permit authorised communications between devices.
  2. Control network access by consistently monitoring what is connecting to the network and verifying each device’s security posture before it can be connected.
  3. Demand seamless visibility across all networks and devices the business uses for security monitoring and management. This should be centralised so that all devices, networks, risks, traffic, and policies can be viewed and managed across both the production and IT environments in real-time.
  4. Use an intrusion protection system (IPS) to help detect attacks and provide virtual patching of IoT and IIoT devices. At the same time, deploy active protection solutions and deception technology to counter unknown threats.
  5. Use automatic secure remote access through zero trust so everyone on the network is verified and applications remain secure no matter where authorised users are located.

When adopting security solutions, it’s important to ensure they can automatically scale with business needs. This includes adapting to network changes, anticipating and proactively managing threats, and providing real-time threat intelligence.

A new generation of security tools is achieving this by delivering better visibility of the network environment while automatically responding to compromised devices or suspicious activity. These tools directly meet operational and regulatory needs by providing centralised management and a unified context-aware security policy that delivers granular control and visibility across all devices and networks. In this way, both current and emerging IoT and IIoT security solutions can ensure the integrity and protection of assets in the automated organisation, futureproofing it against emerging cyber threats.

*Wavelink is a Fortinet distributor

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Cohesity, Equinix, IDC, Proofpoint & Xero
We round up all job appointments from July 29 - August 5, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
i-PRO
VisualCortex and i-PRO partner for enhanced APAC deployments
VisualCortex and i-PRO have partnered to facilitate enterprise-wide Computer Vision technology deployments in APAC.
Story image
Artificial Intelligence
Runecast's award-winning platform future-proofs businesses
Runecast provides both security and operations teams with what a few industry experts have called a 'must-have' solution.
Story image
Partner awards
Vertiv recognises outstanding 2021 A/NZ channel partners
Vertiv has recognised the exceptional contributions that its Australia and New Zealand channel partners made to its IT and mechanical and electrical (M&E) businesses in 2021.
Story image
Gaming
Logitech G’s new Aurora collection looks to help change gaming stereotypes
The company’s new Aurora collection is designed to be gender inclusive, not gender exclusive, addressing the needs and wants of women gamers while also still appealing to a wider general audience.
Story image
Cheetah Digital
Privacy, data ethics and the ‘seismic shift’ in consumer trust
Aussie consumers have low levels of trust for advertising, but will pay more to purchase from a trusted brand, a new report from Cheetah Digital reveals.
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
BAI Communications Australia
BAI Communications to help improve mobile coverage across regional NSW
Deputy Premier and Minister for Regional NSW Paul Toole said regional communities deserve reliable and affordable mobile services.
Story image
Identity and Access Management
Pitney Bowes launches rebranded management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.
Story image
Phishing
Phishing, software vulnerabilities cause 70% of cyber incidents
The heavy use of software vulnerabilities matches the opportunistic behaviour of threat actors who scour the internet for vulnerabilities and weak points.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Digital Transformation
Macquarie Telecom rolls out SD-WAN services for mycar Tyre & Auto
Macquarie Telecom says it has rolled out NBN and SD-WAN services to more than 270 mycar Tyre & Auto stores across Australia. 
Story image
Sustainability
Phronesis Security achieves B-Corp certified status
Phronesis Security has become the first cyber security company in Australia to achieve the coveted B Corp certification, having been certified since June 2022. 
Story image
Mobile Device Management / MDM
Claroty's Team82 uncovers two vulnerabilities in FileWave’s MDM system
Claroty’s research arm (Team82) has uncovered and disclosed two critical vulnerabilities in FileWave’s Mobile Device Management (MDM) system.
Story image
Data
Consumers will stop doing business over data practices
“Data privacy remains a concern for consumers when it comes to sharing their information with an online retailer with an unclear view of privacy laws."
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
SAP
OutSystems joins SAP PartnerEdge program, integrates solutions
OutSystems has become an official member of the SAP PartnerEdge program. This will make it easier for other businesses within the SAP ecosystem to discover and connect with OutSystems.
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
Infrastructure
Rimini Street announces new suite of security solutions for enterprises
Rimini Street has announced the launch of Rimini Protect, a new suite of security solutions set to provide a more comprehensive layer of security.
Story image
Phishing
Top universities lagging on basic cybersecurity - report
Universities in Australia, the US and the UK are lagging on basic cybersecurity measures, creating higher risks of email-based impersonation attacks.
Story image
Cybersecurity
Optic Security Group on Australia recruitment drive
Trans-Tasman security integrator looks to meet the twin challenges of high client project demand tight & labour market supply with new opportunities.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
Gaming
Hands-on review: SteelSeries Apex Pro Mini Keyboard
SteelSeries has taken the design of its range of Apex keyboards to create a smaller version, the Apex Pro Mini. Techday’s Darren Price checks it out.
Story image
Appointments
Tech job moves - Checkmarx, Kinly, Syniti, Trellix & WalkMe
We round up all job appointments from July 22-28, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Artificial Intelligence
Why smarter healthcare depends on data and automation
The pandemic has acted as a fierce catalyst for change. It’s strong-armed industries across the globe to embrace a world of new. Nowhere is that more evident than in healthcare.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Wiise
Discover why cloud ERP is central to a growing business' tech stack. Sign up now for free.
Link image
Story image
Biometrics
AU biometric security company achieves B Corp cert
Australian biometric security firm Daltrey has announced it has become the first cybersecurity vendor in AU to achieve the B Corp certification.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Microsoft
SaaS sector in NZ thriving as a result of trans -Tasman partnerships
New Zealand's Software-as-a-Service (SaaS) sector is on track to be the biggest contributor to GDP this year, generating more than NZD$20 billion for the New Zealand economy.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
Sustainability
Green hydrogen company Hysata raises AUD $42.5 million
Global investors are supporting Hysata's hydrogen electrolyser technology as the organisation closes its oversubscribed Series A funding round of AUD $42.5 million. 
Story image
Security vulnerabilities
Flashpoint says vulnerability disclosure ‘highly volatile’
Flashpoint has released The State of Vulnerability Intelligence: 2022 Midyear Edition, finding that the current state of the vulnerability disclosure landscape is ‘highly volatile’.
Story image
Check Point
Ransomware now impacts 1 out of 40 organisations a week
Retailers and the wholesale sector saw the largest spike in ransomware attacks, with an alarming increase of 182%.
Story image
Product Management
TeamViewer and Siemens to innovate product lifecycle space with AR
TeamViewer's new partnership with Siemens Digital Industries Software to bring the power of TeamViewer's AR platform, Frontline, to Siemen Teamcenter software.