Vulnerable IoT in Medicine, Manufacturing and CRITIS

Cybersecurity is still thought of in silos – that’s the conclusion of a study by Onekey. Among the highest risk areas are IoT devices and assets in medical (47 percent), critical infrastructure (45 percent) and manufacturing (39 percent). The particular risk in the IoT sector is that each device and asset has its own firmware – software that controls the device or asset itself. Since there are hardly any guidelines or binding specifications in this area, many manufacturers have so far placed little emphasis on seamless security against attacks.

Liability of the management level

Onekey also points to the increasing liability of company managers: “It is foreseeable that in the very near future, management will be held directly liable for failures in IT security,” says Jan Wendenburg, managing director of Onekey. This request was also emphasised during the Hanover Fair by the VDE – Verband der Elektrotechnik Elektronik Informationstechnik (Association for Electrical, Electronic & Information Technologies). Therefore, every component of an IT system – especially the software – must be completely verifiable and traceable.

Manufacturers could do more for protection

More than 300 company representatives surveyed agreed on the security provided by manufacturers for IoT systems: only 12 percent consider the measures for hacker protection to be sufficient, 54 percent see them as partially sufficient, 24 percent as insufficient and 5 percent even as deficient. According to Wendenburg, the key to greater security is to use automated security and compliance checks early on in the development of new smart devices, systems and machines. In the process, so-called “software bills of materials” can also be generated automatically at the same time.