How can IoT devices such as Utilitywise’s new energy counter be protected within businesses

One of Britain’s big utilities firms have begun a venture into the Internet of Things (IoT). But how do devices powered by IoT benefit businesses, and how risky are they to their security? How can IoT devices be protected within businesses? image

Energy consultancy company Utilitywise, in collaboration with Vodafone and Dell, are set to launch a platform that will allow businesses to monitor energy usage within various areas from one single hub.

What has been described by Utilitywise managing director Brin Sheridan as “a ground-breaking technology”, it will display any lighting, heating and other types of energy wastage, which could lower the using business’s carbon footprint as well as the amount of money they spend on energy bills.

>See also: Business IoT “growing faster than one would think”

“By giving business owners and building managers unprecedented insight into how their businesses are using energy, they can make truly-informed decisions about how to reduce their utility bills,” Sheridan added.

“Utilitywise’s intelligent building controls solution has the potential to produce huge savings for customers, freeing up cash to be invested elsewhere.”

The Tyneside-based energy consultancy firm, formed in 2006, will take charge of the analytics department of the platform, while partners Vodafone will implement the software’s connectivity and Dell’s operation technology will be in place.

“With this unique combination we have the ability to reduce energy consumption bills for thousands of UK businesses,” said Dell’s EMC OEM solutions vice president Dermot O’Connell.

Vodafone and Utilitywise’s marketing teams will join forces to reveal the platform to the public.

>See also: Number of large scale IoT projects doubled in the last year 

Risky Business?

This development marks one of numerous waves being made in the IoT market by businesses as the phenomenon starts to go beyond home and personal use.

But while going down the IoT route may be environmentally and economically efficient, there is always a risk that automated technologies could come under cyber attacks, according to Principal Business Resilience Consultant at Sungard Availability Services, Tom Holloway.

“Increasing automation, data-rich production cycles and complex global supply chains make the manufacturing industry particularly vulnerable to disruption, specifically from cyber threats,” Holloway said.

“The BBC put the cost of the NotPetya ransomware attack to businesses at $1.2BN, not an improbable figure when you consider that a stoppage in a complex car manufacturing plant can cost £10,000s per minute.”

>See also: NotPetya: One year on – Have businesses learnt the lesson?

The Sungard consultant went on to refer to WLAN-reliant radio data terminals, RFID tags and sensor-embedded automation controls as areas of systems as the most vulnerable to ransomware, malware and theft.

Survey says…

IoT devices being added to company networks has been proven to potentially expose company software to attacks. According to a study by Infoblox, 35% of participating companies based in the US, UK and Germany declared that over 5000 devices were connected to their network per day.

These devices, shown to be commonly made up of fitness trackers (49%), digital assistants such as Alexa and Google Home (47%) and Smart TVs (46%) among others, have been found to be easily detected by search engines such as Shodan.

Furthermore, 5,966 detectable cameras were found to be implemented within business headquarters throughout the UK, while 2,346 detectable Smart TVs in Germany and 1,571 devices in the US with Google Home installed were discovered in March 2018 alone.

>See also: Security expert reveals how he hacked a hospital

Preparation, Proritisation and Protection

For Sungard Principal Business Resilience Consultant Tom Holloway, preparation is key to trying to preserve as much company data as possible if the network gets attacked.

“Preparation will help leadership teams manage a crisis when it happens. It’s not just your systems and data that you need to consider protecting, but also those of your suppliers, who in turn may be reliant on your data, and as you can’t protect everything, you must be ready to recover your data and systems whenever necessary.”

“Whilst you are considering the implications of all this, don’t lose sight of the impact of a data breach and the consequent damage of losing a client’s personal information – GDPR is barely 3 months from being in place and losing sensitive data could have serious repercussions on your business.”

>See also: Nearly half of businesses expect to be fined for not being GDPR ready

In addition to what businesses must do to protect their IoT devices, EMEA director of cyber security firm Neustar Anthony Chadd said that prioritisation is paramount.

“In order to avoid becoming a target, business must be proactive in their approach and  make it a priority to safeguard all IoT based systems,” Chadd stated. “To achieve this requires a clear understanding of what data needs safeguarding, and the levels of security that need to be put in place.”

“In order to achieve this, businesses must build out an organised and cohesive security strategy. This way they can successfully focus in on their more vulnerable data, processes and models – protecting valuable information from any and all IoT attacks moving forward.”

“On a more granular level, businesses must ensure the appropriate controls are in place for threat vulnerability and patch management while also ensuring that important data is identified and encrypted.”

>See also: 5 steps to better vulnerability management

Furthermore, Matthew Dunkley, representative for software licensing and security company Flexera recommends implementing a long-term plan complete with various security mechanisms early on to tackle insecurities.

“Devices are deployed in diverse environments and can be in use for many years,” explained Dunkley.  

“In the manufacturing industry for example, devices are often being used for more than 20 years or even longer.”

“IoT device manufacturers will have to have a long-term strategy in place to protect and update these devices for a lifecycle duration that so far has been unknown to the regular IT/Internet security.”

>See also: The advantages of industrial IoT: Making companies secure

In terms of what various mechanisms need to be put in place, Dunkley mentioned four methods:

“In the development phase, scanning and tracking for OSS and third-party applications need to be implemented to manage related software vulnerabilities. Application code should also be protected against binary tampering.”

“Secure and mature licensing technologies should be applied to ensure only eligible users can access the applications and compliance can be controlled.”

“Hacking is always a threat and possibility. IoT producers need to make sure they are notified immediately if a hack happens, and they should be able to react quickly and effectively.”

“The roll-out of patches and updates to the field needs to be automated and required detailed knowledge on what devices are using which software in which version to be effective.”

Unavoidable?

While companies try their hardest to eradicate vulnerabilities within IoT software, compromises to IoT security are part and parcel of the implementation, according to Andrew Tsonchev, Director of Technology at Darktrace Industrial.

“There’s only so much users can do to mitigate IoT vulnerabilities, and while manufacturers can make improvements, users should assume that their IoT devices are vulnerable to attack,” Tsonchev stated.

>See also: 4 modern challenges for the Internet of Things

“These security flaws are so common because there is such a rush to get these products to the market as quickly and cheaply as possible.”

“To address IoT security, we need to take a bigger picture view – we can’t only be looking at vulnerabilities, but we also have to catch the threats when they do get in. Artificial intelligence is being used now to find IoT hacks and respond to them before they cause damage.”

“At Darktrace we find IoT compromises on a regular basis, from infected video conferencing devices in law firm board rooms, to fish tanks that have been hacked and are being used to exfiltrate data. This is because our technology analyzes all devices on a network, whether they are traditional laptops and data servers, industrial machinery, or IoT devices.”

With cyber attacks displaying a capability to go beyond phones, computers and other traditionally electronic devices within businesses, this may give Utilitywise’s plan to implement energy meters with built-in IoT plenty of food for thought when it comes to its protection from cyber attacks.  

Latest news

divider
Business & Strategy
Overcoming the challenge of disruption: The CTO responsibility

Overcoming the challenge of disruption: The CTO responsibility

14 August 2018 / From Brexit to global politics, new technologies to regulation and governance, over the last few [...]

divider
Legislation & Regulation
The EU Copyright Directive: seeing the funny side?

The EU Copyright Directive: seeing the funny side?

14 August 2018 / Earlier in the summer, the European Parliament voted down the EU’s proposed Copyright Directive. The [...]

divider
Smart Cities
The importance of the PoC when planning an IoT smart city initiative

The importance of the PoC when planning an IoT smart city initiative

13 August 2018 / Analysts are predicting huge things for IoT, with statistics from IDC forecasting that by 2020, [...]

divider
Travel & Leisure
Holiday data and where it can take us

Holiday data and where it can take us

13 August 2018 / The travel industry is undergoing considerable change. According to research from Statista, international tourism has [...]

divider
Immersive Technology
CTOs on our Doorstep: Stuart Cupit, INITION

CTOs on our Doorstep: Stuart Cupit, INITION

13 August 2018 / In our weekly series, Information Age speaks to Stuart Cupit, chief technology officer and co-founder [...]

divider
Diversity
‘A strong diversity and inclusion agenda helps with M&A’

‘A strong diversity and inclusion agenda helps with M&A’

13 August 2018 / The business case for a strong diversity and inclusion agenda is now well established. Simply, [...]

divider
People Moves
ICO appoint new executive director McDougall

ICO appoint new executive director McDougall

13 August 2018 / McDougall, who has served on the Board of Directors and the European Advisory Board at [...]

divider
Events
Tech Leaders Awards 2018 – finalists revealed!

Tech Leaders Awards 2018 – finalists revealed!

13 August 2018 / The UK’s leading celebration of the business, IT and digital leaders driving disruptive innovation and [...]

divider
Smart Cities
The UK’s current smart city developments examined

The UK’s current smart city developments examined

13 August 2018 / Bristol Overtaking London as the UK’s leading smart city in October 2017, a couple of [...]

Do NOT follow this link or you will be banned from the site!