IoT security report 2022 reveals significant gaps in cybersecurity
Düsseldorf/Germany, July 06, 2022 – Cybersecurity is still thought of in silos – that is the conclusion of a study by IoT security specialist ONEKEY. “In many cases, companies and entrepreneurs still think in classic silos when it comes to IT security. In doing so, the directly grown risk of many different firmware versions in IoT systems is often overlooked,” warns Jan Wendenburg, CEO of ONEKEY. Areas of highest risk include IoT devices and facilities in health (47 percent), in critical infrastructure (45 percent) and in manufacturing (39 percent). More than 300 senior-level company representatives were surveyed for the “IoT Security Report 2022.” “All areas of industry are vulnerable – because hackers consistently exploit every vulnerability, not just those requested by industry representatives,” says Jan Wendenburg. The particular risk in the IoT sector is that every device and every system has its own firmware – in other words, software that controls the device or facility itself. Since hardly any guidelines or binding specifications exist in this area, many manufacturers have so far put little emphasis on seamless security against attacks.
Liability of the management
The CEO of ONEKEY also points to the increasing liability of company managers: “It is foreseeable that in the very near future, the management will be directly held liable for omissions in IT security,” says Wendenburg. This was also loudly demanded during the Hannover Messe by the VDE (German Association for Electrical, Electronic & Information Technologies). Therefore, every component of an IT system – especially the software – must be completely verifiable and traceable, according to Wendenburg of ONEKEY. The company, which specializes in IT security, runs an automated analysis platform for operating software of all devices and facilities with a network connection, but especially intelligent control systems in manufacturing, medical technology, critical infrastructures and many other industrial sectors.
The company representatives surveyed at least agree on the security provided by manufacturers for IoT systems: only 12 percent consider the measures taken to protect against hacking to be sufficient, 54 percent see them as partially sufficient, 24 percent as insufficient, and 5 percent even as deficient. “The key to greater security lies in using automated security and compliance checks very early in the development of new smart devices, plants and machines. This can also involve the simultaneously automated generation of ‘software bills of materials.’ This way, a great deal of security and transparency is achieved with little effort,” explains Jan Wendenburg.
All results of the study “IoT Security Report 2022” are now available for download online.
ONEKEY is the leading European platform for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use and 24/7 throughout the product lifecycle. Leading companies such as SWISSCOM, VERBUND AG and ZYXEL are using this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.
euromarcom public relations GmbH
+49 611 973 150