Cybersecurity: an essential element of every IoT project
Published on 28/11/2019 in Inspire
An IoT project can only be considered a success if cybersecurity is assured. What security requirements do such projects involve? Frederik Van Den Hof, Enterprise Security Solution Advisor at Proximus, explains.
How important is security for an IoT environment?
Frederik Van Den Hof, Enterprise Security Solution Advisor at Proximus: “Very important. These days developers are under a fair amount of pressure to deliver projects quickly, so security doesn’t always get the attention it deserves. Security by design is not always the starting point. And yet, digital attacks are growing in scale and scope, and affecting ever wider areas.”
“Hackers are particularly inventive so they often use security holes in IoT devices - which are a weak link in many networks. One of the biggest documented Denial of Service attacks (when a system is made inaccessible by a flood of simultaneous requests – editor’s note) used thousands of hacked IoT devices. And then there is the risk of digital attacks on smart cars, for example, or critical infrastructure such as water treatment plants or nuclear power plants.”
Would you like to know more about IoT and security?
Want to start an IoT project? Let us help you.
What is the right starting point for security when designing an IoT system?
Frederik: “I think it’s important in any event that you consider what appliances are connected to your network. Especially because segmentation – where you restrict which appliances can communicate with other appliances – is not always a common practice. You don’t want a hacked printer that is able to control a computer. Things like that can be avoided.
We can help companies with that as well. We have a scan tool that charts everything on the network and how it is behaving. And then sometimes you come across things that no one expected: a smart sunblind or a connected air-conditioning unit that talks to dubious servers abroad for one reason or another.”
You don’t want a hacked printer that is able to control a computer. Things like that can be avoided. We can help companies with that as well. We have a scan tool that charts everything on the network.
Frederik Van Den Hof, Enterprise Security Solution Advisor at Proximus
Are companies more resistant to hacking attempts than private individuals?
Frederik: “Often, yes, because they have already worked out a security policy, for example. What private individual does that? Of course, the impact on companies is often bigger than for a private individual, as well. On the other hand, hackers realize that they can get more out of companies than out of private individuals and we see that in the way attacks target this segment more, too.”
What about updates and patches?
Frederik: “Of course, it’s essential that patches are installed and equipment is kept up to date, for instance by updating the firmware regularly. All the appliances on the network must have the latest software where possible, not just the sensors or IoT devices. That sometimes requires some discipline on the part of the end user, although there are more and more solutions for having this done automatically.”
Finally: what is the link between good connectivity and good security?
Frederik: “One doesn’t have to rule out the other. Security can run perfectly as a sort of layer on top of your connectivity. Security is often seen as a sort of impediment to connectivity and speed, but that really doesn’t have to be the case. You can rule out a lot of risks without having the slightest effect on speed.”
Would you like to know more about IoT and security? In a similar interview we take a closer look at the security aspect of the Internet of Things.