Creating cyber resilient devices, however, negates this issue, as the device can protect itself, respond to attacks and recover without any human intervention. The role of IoT is growing in importance for enterprises and consumers alike but having a way to securely manage devices and regain control without manual intervention is vital for ensuring security in the long-term.
Not every organization has the required knowledge or experience to create this new layer of security. Not-for-profit organizations and groups, such as the Trusted Computing Group’s Cyber
Resilient Work Group, bring together members of leading technology companies to define, develop, and promote global, industry-wide specifications and standards with guidelines that are simple to
follow. This Work Group has recently released a new specification, titled Cyber Resilient
Module and Building Block Requirements, that helps organizations develop a solid foundation for cyber resilience and reduce the risk of cyberattacks.
By following a set of building blocks, cyber resilient capabilities can be easily implemented into devices at the stage of manufacturing. As devices are made up of numerous firmware layers and components, many of which have potential vulnerabilities, it is possible they may need servicing of the code and configuration of one or more layers.
By following these key steps, cyber resilient devices can be built with a limited range of resources, as often the technologies that support secure and reliable remote device management and recovery have several barriers, such as cost. With the ability to create these devices with limited means, more organizations of all sizes and budgets will be able to build in efficient security measures from the get-go. Enhancing the security of IoT devices cannot fall to one of two individual groups; it requires the ongoing effort and support of the entire ecosystem.
There is also a real risk when it comes to businesses who utilize devices within their day-to-day operations. Not only can attacks cause on average $200,000 worth of damage, but vitally important systems can be taken offline or taken control of, while extremely sensitive commercial information is often stolen and used for industrial espionage. It came to light in 2020 that US aerospace and satellite companies were attacked in 2015, with hackers stealing intellectual property and important commercial data, costing millions of dollars and causing a breach of national security.
No matter the industry, businesses need to ensure that they are proactively preventing the damage of attacks, rather than waiting until it is too late and paying a costly ransom or having to rebuild their business—and public trust. Cyberattacks are inevitable, but businesses must take every action possible to minimize the downtime and long-term damage to their company.
The use of IoT offers businesses a wide range of benefits, including improved efficiency, enhanced productivity. and reduced costs. With IoT devices generating large volumes of data that can be used to streamline operations and inform strategic business decisions, those not utilizing IoT are at a significant disadvantage compared to others in the same industries. However, if the security of these devices is not a priority, the use of them can do more harm than good by opening the door to cyberattacks and the financial, reputational, and logistical disadvantages these bring. With the latest data breach report by IBM and the Ponemon Institute finding that the cost of a data breach has increased by 10 percent since 2019, there is no better time than now to prioritize the creation of cyber resilient devices for a secure IoT future.