Study uncovers vulnerable IoT devices and facilities: Medical, manufacturing and CRITIS

Study uncovers vulnerable IoT devices and facilities: Medical, manufacturing and CRITIS

IoT security report 2022 reveals significant gaps in cybersecurity

Düsseldorf/Germany, July 6, 2022 – Cybersecurity is still thought of in silos – that is the conclusion of a study by IoT security specialist ONEKEY. „In many cases, companies and entrepreneurs still think in classic silos when it comes to IT security. In doing so, the directly grown risk of many different firmware versions in IoT systems is often overlooked,“ warns Jan Wendenburg, CEO of ONEKEY. Areas of highest risk include IoT devices and facilities in health (47 percent), in critical infrastructure (45 percent) and in manufacturing (39 percent). More than 300 senior-level company representatives were surveyed for the „IoT Security Report 2022.“ „All areas of industry are vulnerable – because hackers consistently exploit every vulnerability, not just those requested by industry representatives,“ says Jan Wendenburg. The particular risk in the IoT sector is that every device and every system have their own firmware – in other words, software that controls the device or facility itself. Since hardly any guidelines or binding specifications exist in this area, many manufacturers have put little emphasis on seamless security against attacks so far.

Liability of the management    
The CEO of ONEKEY also points to the increasing liability of company managers: „It is foreseeable that in the very near future, the management will be directly held liable for omissions in IT security,“ says Wendenburg. This was also loudly demanded during the Hannover Messe by the VDE (German Association for Electrical, Electronic & Information Technologies). Therefore, every component of an IT system – especially the software – must be completely verifiable and traceable, according to Wendenburg of ONEKEY. The company, which specializes in IT security, runs an automated analysis platform for operating software of all devices and facilities with a network connection, but especially intelligent control systems in manufacturing, medical technology, critical infrastructures and many other industrial sectors.

Manufacturers could do more to protect  
The company representatives surveyed at least agree on the security provided by manufacturers for IoT systems: only 12 percent consider the measures taken to protect against hacking to be sufficient, 54 percent see them as partially sufficient, 24 percent as insufficient, and 5 percent even as deficient. „The key to greater security lies in using automated security and compliance checks very early in the development of new smart devices, plants and machines. This can also involve the simultaneously automated generation of “software bills of materials.“ “This way, a great deal of security and transparency is achieved with little effort,“ explains Jan Wendenburg.   

All results of the study „IoT Security Report 2022“ can as of now be downloaded online at https://onekey.com/iot-security-report-2022/.

About ONEKEY:  
ONEKEY (formerly IoT Inspector) is the leading European platform for automated security & compliance analysis for devices in industry (IIoT), manufacturing (OT) and the Internet of Things (IoT). Using automatically generated „Digital Twins“ and „Software Bill of Materials (SBOM)“ of the devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, completely without source code, device or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically fixed. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors and users of IoT technology to quickly and automatically check security and compliance before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, use this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.