The Internet of Things (IoT) is experiencing rapid and continuous growth. IDC estimates that by 2025, approximately 55.7 billion devices will be connected to the Internet, generating an estimated 163 zettabytes of data globally. This growth significantly expands the attack surface of IT infrastructures wherever data is generated, processed, and stored. Each new IoT device can potentially serve as an entry point for cybercriminals. With IoT device security often overlooked, businesses face significant cybersecurity risks, particularly in industrial environments.

A successful cyberattack can disrupt industrial production, even halting it entirely, leading to severe financial consequences. According to a survey by the insurance company Hiscox, one in five businesses that suffered a cyberattack found themselves on the brink of bankruptcy. Consequently, it is in every company’s best interest to prepare for cyberattacks and strengthen organizational cyber resilience. However, as Steffen Zimmermann, Director of the Competence Center Industrial Security at the Verband Deutscher Maschinen- und Anlagenbau (VDMA – German Mechanical Engineering Industry Association), notes, “many companies continue to postpone addressing security challenges indefinitely.”

Eric Herzog, Chief Marketing Officer (CMO) at Infinidat, underscores that “IT security teams must recognize that IoT not only generates vast amounts of data requiring protection but also introduces connectivity among components, creating potential entry points for malicious actors.” Infinidat, an Israeli company, specializes in data solutions with a strong emphasis on cybersecurity.

Cyber Resilience Regulation: Setting Security Standards for Businesses

In September 2022, the European Union introduced the Cyber Resilience Act (CRA), establishing mandatory cybersecurity requirements for businesses. This regulation aims to protect consumers and companies by mandating continuous vigilance throughout the lifecycle of products. Many products, including Industrial Internet of Things (IIoT) devices, lack security standards or regular updates, creating significant risks for both users and manufacturers.

The CRA addresses this by setting uniform cybersecurity standards for products, with CE marking required to certify compliance. The regulation specifically targets IIoT devices previously unregulated in terms of security. By establishing binding security requirements, the EU aims to mitigate risks associated with the growing interconnectivity of IoT devices.

Together, the CRA and the NIS2 Directive form a comprehensive legal framework to enhance cyber resilience within European businesses and organizations. These measures demonstrate the EU’s robust and coherent approach to countering cyber threats, safeguarding both its economy and citizens.

Cyber Resilience and IIoT

Cyber resilience refers to an organization’s ability to maintain its core functions during and after a cyberattack. This concept is especially relevant in industrial settings and the IIoT context. The increased connectivity of devices raises the risk of cyberattacks, which often unfold in stages: attackers may first introduce malware to steal or compromise data. In many cases, they follow up with ransomware, encrypting data to demand payment.

A report by the Bundesamt für Sicherheit in der Informationstechnik (BSI – German Federal Office for Information Security) highlights that “cybercriminals now go beyond simply encrypting data. They often escalate threats by promising to publish stolen data and, in some cases, extend these threats to the company’s clients.”

Experts at Deloitte emphasize the importance of comprehensive security strategies to counter cyber threats. While rapidly evolving hardware, software, and increased system connectivity offer unprecedented productivity gains, they also introduce new IIoT security risks. Continuous monitoring of network traffic and system activities aids in early detection of unusual events indicative of malicious activity. Advanced analytics and machine learning tools can identify anomalies and trigger alerts, enabling rapid and coordinated incident response.

Affected systems must be quickly restored to operational status, requiring data recovery from backups, incident analysis to address vulnerabilities, and preventive measures to avoid recurrence. Security experts differentiate between preventive measures and reactive/detection strategies:

Preventive Measures:

  • Network visibility and monitoring
  • Penetration testing and regular vulnerability assessments
  • Risk evaluation and management
  • Network segmentation
  • Regular security updates
  • Access control with restricted permissions
  • Redundant systems for critical infrastructure and processes
  • Security awareness training
  • Data protection and backup
  • Emergency plans with clear roles and procedures
  • Endpoint security

Detection and Response Measures:

  • Intrusion detection systems
  • Anomaly detection
  • Cyber insurance
  • SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms
  • Endpoint detection and response (EDR)
  • Network detection and response (NDR)
  • Digital forensics
  • Threat intelligence platforms

An Evolving Security Architecture

Emerging trends, such as edge computing, bring data processing closer to the source devices, reducing latency and enhancing efficiency while improving security by minimizing transmitted data. Specialized IIoT security platforms are gaining traction, enabling centralized monitoring and management of IIoT device security.

Josh Eastburn of Opto 22 highlights that industrial devices at the network edge can enhance efficiency while bridging IT and operational technology (OT). These devices integrate the technologies necessary for secure edge operations, fostering collaboration and trust between IT and OT teams through regular verification processes.

The “Industrial Cybersecurity Industry Analysis 2023” by EY reveals that while cybersecurity levels for operational technologies (OT) in critical infrastructure and manufacturing remain low, awareness of cybersecurity risks has led to increased investments. Westlands Advisory projects OT cybersecurity spending to grow from $8.4 billion in 2023 to $26.9 billion by 2030, with an annual growth rate of 18%.

To address unknown scenarios, organizations must adopt continuous monitoring, combining passive and active scanning with machine learning to detect deviations from a baseline state. Asset owners should implement security models focusing on human, technological, and operational aspects.

EY predicts significant improvements in OT cybersecurity maturity among large industrial organizations by 2030. Many companies are expected to merge security services, ensuring enterprise-wide visibility and equipping OT personnel with the necessary training. Cloud-based security management will become prevalent, driven by asset owners or managed service providers, with a particular focus on safeguarding 5G wireless networks.

Cybersecurity across the supply chain is also anticipated to mature, incorporating security-by-design principles into industrial processes. Recognizing that absolute security is unattainable, businesses must prioritize cyber resilience to prepare for IoT-targeted attacks and create robust defenses to protect their most valuable asset: data.
