IT study reveals glaring vulnerabilities: Industry must protect IoT controls

Industrial systems are increasingly in hackers’ sights worldwide and pose enormous risks

Düsseldorf, June 2nd, 2022 – As more intelligent machines are integrated into entire manufacturing networks, the risk of hacker attacks is rising enormously. An IT study reveals that many industrial companies are barely aware of this risk and therefore have not implemented compliance rules for the acquisition and operation of IoT equipment. Just over half of the more than 300 business representatives surveyed said they have compliance rules for IoT security in place at their companies, while 35 percent have no rules at all. The figures were obtained by IT company ONEKEY as part of its “IoT Security Report 2022.”

“Connected manufacturing is as efficient as it is dangerous. The plants have numerous hardware devices that use their own firmware and are now more than ever the focus of hackers,” warns Jan Wendenburg, CEO of ONEKEY. The company, which specializes in IT security, operates an automated analysis platform for the software of network-connected smart products, in particular intelligent industrial control systems and production plants.

Most companies rely on threat analysis (50 percent) and contractual requirements for suppliers (42 percent) to secure their IoT infrastructures. “This settles the question of liability in case of doubt – but companies don’t realize that a dedicated attack on manufacturing equipment can threaten a company’s existence within a few days,” says Jan Wendenburg of ONEKEY.

The process industry as a role model

How much the more than 300 business representatives surveyed trust their own IT security measures also reveals this uncertainty: only 26 percent consider their own IoT security to be fully sufficient, and 49 percent only partially sufficient. Almost 15 percent even consider their own measures to be insufficient or deficient. Even penetration testing is not fully trusted: only 14 percent see it as an efficient way to test the security of an infrastructure, while 68 percent see it as partially efficient. “The problem needs to be addressed at the root, right during the production of assets, machines and endpoints. The IT industry could take a cue from the process industry – the pharmaceutical industry, for example. There, it is a legal requirement to have complete traceability and transparency for every component of a product. That would have to be equally standard in IT to eliminate the risks posed by easily hackable firmware on production equipment and other endpoints. Every piece of unknown software on a device or a simple building block of a device is a black hole with full risk of being attacked by a hacker or entire groups,” says Jan Wendenburg, CEO of ONEKEY. Such a software bill of materials, also called “SBOM”, is supported by 75 percent of the respondents.

Study reinforces demand for proof of origin

Meanwhile, the damage can quickly run into the millions: 35 percent of the IT managers and decision-makers surveyed for the study consider annual damage of up to 100 million euros to be realistic, another 24 percent up to 500 million, and 17 percent more than 500 million euros. “Since the figures were collected between January and February 2022, a far more dramatic picture can now be painted. Since we know that IT attacks are also part of warfare, we must protect ourselves even better. Especially since we can also expect a further increase in industrial espionage as a result of the sanctions. Here, too, weaknesses in firmware can favor the intrusion of hackers and even make them almost invisible, because classic security measures often fail in the event of a hack via industrial systems or devices,” explains Jan Wendenburg from ONEKEY.


ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development and production through to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritization of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.



Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150