IoT security report 2022 reveals significant gaps in cybersecurity

Düsseldorf/Germany, July 06, 2022 – Cybersecurity is still thought of in silos – that is the conclusion of a study by IoT security specialist ONEKEY. “In many cases, companies and entrepreneurs still think in classic silos when it comes to IT security. In doing so, the directly grown risk of many different firmware versions in IoT systems is often overlooked,” warns Jan Wendenburg, CEO of ONEKEY. Areas of highest risk include IoT devices and facilities in health (47 percent), in critical infrastructure (45 percent) and in manufacturing (39 percent). More than 300 senior-level company representatives were surveyed for the “IoT Security Report 2022.” “All areas of industry are vulnerable – because hackers consistently exploit every vulnerability, not just those requested by industry representatives,” says Jan Wendenburg. The particular risk in the IoT sector is that every device and every system have their own firmware – in other words, software that controls the device or facility itself. Since hardly any guidelines or binding specifications exist in this area, many manufacturers have put little emphasis on seamless security against attacks so far.

Liability of the management

The CEO of ONEKEY also points to the increasing liability of company managers: “It is foreseeable that in the very near future, the management will be directly held liable for omissions in IT security,” says Wendenburg. This was also loudly demanded during the Hannover Messe by the VDE (German Association for Electrical, Electronic & Information Technologies). Therefore, every component of an IT system – especially the software – must be completely verifiable and traceable, according to Wendenburg of ONEKEY. The company, which specializes in IT security, runs an automated analysis platform for operating software of all devices and facilities with a network connection, but especially intelligent control systems in manufacturing, medical technology, critical infrastructures and many other industrial sectors.

Manufacturers could do more to protect

The company representatives surveyed at least agree on the security provided by manufacturers for IoT systems: only 12 percent consider the measures taken to protect against hacking to be sufficient, 54 percent see them as partially sufficient, 24 percent as insufficient, and 5 percent even as deficient. “The key to greater security lies in using automated security and compliance checks very early in the development of new smart devices, plants and machines. This can also involve the simultaneously automated generation of “software bills of materials.” “This way, a great deal of security and transparency is achieved with little effort,” explains Jan Wendenburg.

All results of the study “IoT Security Report 2022” can as of now be downloaded online.