The IoT Security Report 2022 uncovers significant gaps in cyber security. The study reveals many vulnerable IoT systems in medicine, production and critical infrastructure (KRITIS). Business leaders should take increasing liability into account.
Cyber security is still thought of in silos: that is the conclusion of a study by the IoT security specialist ONEKEY. “In many cases, companies and entrepreneurs still think in classic silos when it comes to IT security. The immediately growing risk of many different firmware versions in IoT systems is often overlooked,” warns Jan Wendenburg, Managing Director of ONEKEY.
Highest IoT threat in medicine
The areas with the highest risk include IoT devices and systems in medicine (47 percent), critical infrastructure (45 percent) and manufacturing (39 percent). Over 300 company representatives from the management level were surveyed for the "IoT Security Report 2022". "All areas of industry are vulnerable - because hackers consistently use every weak point and not just those that are desired by industry representatives," says Jan Wendenburg. The particular risk in the IoT sector is that every device and every system has its own firmware, i.e. the software that controls the device or system itself. Since there are hardly any guidelines or binding specifications, many manufacturers have so far attached little importance to complete security against attacks.
Management liability
The ONEKEY managing director also points to the increasing liability of company leaders: "It is foreseeable that in the very near future the management will be held directly liable for failures in IT security," says Wendenburg. This demand was also voiced during the Hanover Fair by the VDE (Association for Electrical, Electronic & Information Technologies e. V.). Therefore, every component of an IT system, especially the software, must be completely verifiable and traceable, according to Wendenburg. ONEKEY, which specializes in IT security, operates an automated analysis platform for the operating software of all devices and systems with a network connection, above all intelligent control systems in production, medical technology, critical infrastructure and many other industrial areas.
Manufacturers could do more to protect
The company representatives surveyed largely agree on the security that manufacturers build into IoT systems: only 12 percent consider the protection measures against hackers to be sufficient, 54 percent see them as partially sufficient, 24 percent as insufficient and 5 percent even as deficient. “The key to more security is to use automatic security and compliance checks early in the development of new intelligent devices, systems and machines. At the same time, automated software parts lists, so-called ‘Software Bill of Materials’, can also be generated. In this way, a great deal of security and transparency is achieved with little effort,” explains Jan Wendenburg.
About ONEKEY
ONEKEY (formerly IoT Inspector) is the leading European platform for automatic security & compliance analyses for devices in industry (IIoT), production (OT) and the Internet of Things (IoT). Using automatically created "Digital Twins" and "Software Bill of Materials (SBOM)" of the devices, ONEKEY independently analyzes firmware for critical security gaps and compliance violations, without any source code, device or network access.