Attacks on IoT devices, which are the challenges and solutions in industries

1 March 2024
tecnologia, Innovation Center, English

The prospects for technological development in the industrial, automotive and healthcare sectors require innovations to mitigate risks

In the current scenario, the Internet of Things (IoT) devices active in 2022 were 35.37 billion with growth forecast up to 73.79 billion by 2027. The IoT devices not only bring value for individual consumption, but also for different industrial sectors since they are a means to optimize business operations. Moreover, through machine-to-machine communication (M2M), data can be monitored in real time.

The benefits of digitalisation and connectivity, however, entail also risks. Malware attacks alone rose from 60 million in 2021 to 112 million in 2022. Indeed, recent and prominent cases of IoT security breaches in several companies (Colonial Pipeline, Tesla and Abbot Healthcare) highlight the importance of identifying vulnerabilities and setting up a Security of Things system.

• Industrial sector

The recent orientation of organizations provides integrated and no longer isolated functionalities of Operational Technology (OT) systems, designed for the control and monitoring of physical processes, and of Information Technology (IT) suitable for data management such as servers and storage devices.

The investigation "European Cyber security Responsibility, Spending and Posture” conducted among end users influencing IT security budgets, highlighted that the main negative impacts of attacks in 2022 include IT system disruption (43.5%), lost productivity (34.1%), the imposition of increased regulatory oversight (24.7%), the erosion of brand reputation (23.5%), and the forced public disclosure of the violation (17.6%).

Different industries are located at different levels of maturity in cybersecurity. Utilities, in fact, have been in the forefront of the adoption, while the second most advanced segment is that of oil and gas (O&G). For manufacturing, many cybersecurity projects are in their early or pilot stages.

In response to these risks, technological solutions are oriented towards prevention through encryption, cloud backup - which allows prompt data recovery -, machine learning and artificial intelligence to examine in real time large amounts of data, in addition to sensors and blockchain to ensure data security and integrity.

A tangible example of the aforementioned innovations in the industrial field is the startup Alias Robotics, which has developed the Robot Immune System. This certified software solution protects robots and robot components from cyber threats through an adaptive firewall, which blocks unexpected communications and adapts dynamically by removing unnecessary communications.

• Healthcare sector

In the healthcare sector, the threat of cyber attacks is of particular interest as 90% of data is managed through connected medical devices called the Internet of Medical of Things (IoMT). Globally, the penetration of IoMT solutions in the healthcare sector reached 86%, with a total of 646 million IoMT devices used in 2020.

Also in 2020, the average cost of a single data breach in the healthcare sector was 60% higher than in other sectors globally. This is because healthcare market players typically take 153% more time to identify a threat and 142% more time to solve it than other industries.

The main challenges facing the healthcare sector to reduce the frequency of cyber attacks include the difficulty of meeting requirements and implementing large-scale cybersecurity, as well as keeping up with evolving regulatory compliance criteria and ensuring patient privacy.

In this context, Application Programming Interfaces (APIs) must adhere to TLS protocols to ensure secure communication of sensitive patient data and compliance with standard OAuth2.0 or OpenID, as well as implementing traffic monitoring services to detect and prevent unauthorized access attempts. Other solutions include equipping low-code procedures to facilitate the implementation of security measures, offering training to reduce human errors that often lead to avoidable breaches, and ensure that APIs are authenticated in order to allow the interoperability of data between several healthcare systems.

For example, the Swiss Medisanté develops a solution to manage and monitor medical devices via a cloud infrastructure. Compatibility with multi-vendor devices and rapid integration with virtual care platforms thus supports remote patient monitoring and decentralized clinical trials.

Top security threat agents, US, 2019, 2020 and 2025

• Automotive sector

The automotive industry is also exposed to significant risks caused by the increasing integration of telematics. By 2026 , most cars are expected to use Cellular-Vehicle-to-Everything (C-V2X) technology that allows vehicles to communicate directly with other vehicles (V2V), infrastructure (V2I) and road users (V2P) through low latency messages, increasing the complexity and vulnerability of systems.

In this context, the focus is on possible data breaches with financial and privacy consequences, and about automated vehicle responses integrated into Intelligent Transportation Systems (ITS), which compromise functions such as traffic monitoring and road traffic information.

The counterattack - in line with data protection legislation WP.29 and sector standard ISO/SAE 21434 - involves the integration of artificial intelligence to protect autonomous vehicles from system manipulation, Distributed Denial-of-Service adaptive memory-based traffic signals and attacks spoofing. The solutions also include proactive monitoring and preventive maintenance plans.

For example, SecureThings - a specialist technology solution provider for the Californian automotive industry - develops various solutions: from risk analysis to real-time detection, up to the protection of the connected vehicle ecosystem through a dashboard offering specific details.