Is IoT getting more secure in the region?

In an increasingly connected world, the Internet of Things (IoT) is delivering business value and real-world benefits to individuals across the globe. From increasing physical safety to creating fundamental changes to how we build and consume products, the IoT is creating the data that unearths insights into better ways to work and live.

In order to deploy IoT solutions effectively and successfully, security must remain a top priority. Maintaining data integrity and confidentiality remains paramount while building a resilient cybersecurity ecosystem.

IoT-based attacks are already a reality and as the number of connected IoT devices is set to top 20 billion by 2023, businesses must act quickly to ensure their ability to detect IoT device breaches. Gemalto’s 2018 State of IoT Security Report reveals that 48 per cent of businesses are unable to detect if any of their IoT devices suffers a breach. The biggest issue is protecting the increasing amount of data companies collect, with only 59 per cent of those using IoT, and spending on IoT security, admitting they encrypt all of their data.

Dubai has long established itself as a preferred destination for business, work and tourism. Government entities such as Smart Dubai are paving the way, as the city becomes one of the most connected and ‘smartest’ cities in the world. To date, over 100 smart initiatives and more than 1,000 smart services by two dozen government departments and private sector partners have been launched in Dubai. The idea is simple, yet ambitious: harness the vast amounts of data generated on a daily basis in one of the busiest cities in the world, to drive connectivity, and ultimately efficiency. In a bid towards securing the IoT, the Data Wealth initiative was launched, protecting the emirate’s data and identity with ‘Dubai Digital Certificates’.

New organisations and services based on IoT and data analytics are constantly evolving, and established firms are adapting to new data-driven business models that accelerate efficiency and innovation for themselves and their customers. In markets as diverse as healthcare, manufacturing, transport and the construction of smart buildings and smart cities, the IoT is enabling the development of products and services that would have been impossible just a few years ago.

According to officials, Dubai’s data wealth, which consists of data storing and processing technologies, as well as blockchain, digital signatures and IDs, clean energy and other elements, is made of 121 initiatives, 20 databases and 1,129 smart services. Over the next three years, they are expected to generate Dhs33.8bn ($9.2bn), while IoT will reach Dhs17.9bn ($4.9bn) in value by 2021. This opens up exciting new business opportunities for economic growth, but it also makes organisations more vulnerable to a variety of new security threats.

In the face of such overwhelming numbers, many businesses are approaching implementing an IoT strategy with trepidation, despite the benefits. Concerns around how to implement a secure infrastructure and manage the associated costs, as well as reputational damage from recent high-profile cases of IoT hacking and data breaches, are holding back investment – leaving companies at risk of being out-competed by those who are moving ahead.

With breaches now publicised in the media, end-users are increasingly wary of the consequences of poor security. Concerns about the level of digital protection offered by IoT innovations are growing, with many users hesitant to try new services. Fear factors weigh heavily during the decision-making process, meaning that despite the many advantages of embarking on the new technology, users are hesitant. Already, research commissioned by Gemalto suggests that 90 per cent of consumers lack confidence in the security of IoT devices.

These concerns are understandable. IoT solutions have to be well managed and care must be taken to design security into every single part of the whole. As more and more systems are connected together via the IoT, weak security in just one part can end up jeopardising the whole.

We see instances of this in the headlines all the time, where attackers compromise one seemingly innocuous device and gain access to far more critical systems and databases. But it doesn’t have to be this way. With a solid understanding of the fundamentals of IoT security and the right partnerships in place, risks can be limited and rewards reaped. There are many ways an attacker can access features or data on a connected device. The main target hacking points are the device, the cloud infrastructure, and the network. ​

IoT-based attacks are already a reality and as the number of connected IoT devices is set to top 20 billion by 2023, businesses must act quickly to ensure their ability to detect IoT device breaches. Gemalto’s 2018 State of IoT Security Report reveals the biggest issue is protecting the increasing amount of data companies collect, with only 59 per cent global companies admitting they encrypt all of their data.

For organisations to truly adopt a 360-degree approach, every element of the IoT network should be secured, from the design and manufacturing stages, through their entire lifecycle, guarding data against malicious attacks. Organisations must begin to understand that embracing the IoT requires a new way of thinking about how industrial systems are designed and used. Building security into products from the ground up is imperative to ensure devices are shielded from attacks as much as possible, from the core to the edge, and through their entire lifecycle. 

The focus is to get the right combination of reliable, future-proof, and scalable security solutions, adapted to individual needs. Regular evaluation of connected devices also goes a long way in staying on full alert for breaches. By executing a thorough testing of devices and systems as well as ensuring appropriate security solutions are in place, organisations can greatly reduce the risk of an attack and protect users’ sensitive data.

Sebastien Pavie is regional director for enterprise and cybersecurity at Gemalto