Careful Connections are Key to Mitigating Cyber-Attacks on IIoT Systems

Energy plants and factories have always been prime targets for delivering a devastating setback and psychological blow against an enemy. Today, successful attacks against critical infrastructure can be launched in cyberspace. In 2015, a cyber-attack on a Ukrainian power station caused a loss of power affecting 225,000 customers and the world took note. In the U.S., the Department of Homeland Security (DHS) has raised concerns over the growing number of cyber attacks on industrial control networks. In response, they recently published guidelines to “provide a strategic focus on security and enhance the trust framework that underpins the IoT ecosystem.” The document calls for a combined approach. Among the measures discussed are considered connectivity and defense in depth. Managed Virtual Private Network (VPN) connections and two-factor authentication can help secure critical connections to give IIoT data traffic the in-depth protection it needs.

Top 5 security vulnerabilities are always the same

The research and analyst firm techconsult issued a summary of the five major security vulnerabilities in SMEs and public organizations in Germany at the start of 2017. Their annual study Security-Bilanz Deutschland reviews IT and information security based on a representative survey of more than 500 interviews in companies and non-profit organizations. The results are sadly not that surprising each year. Although the organizations surveyed are aware of the problems and have the resources to deal with them, unfortunately they either approach issues through the wrong channels, inconsistently or too late.

Protecting virtual worlds of data in motion

In 2017, 69% of all applications will reside in the cloud according to Cisco. As we rely increasingly on benefits made possible by further advances in Industrial Internet of Things (IIoT) and mobile devices, it’s a statistic that will continue to rise. The challenge for enterprises today is how to protect data as it streams constantly between physical mobile/IIoT devices to virtual repositories in the cloud and back again. Until corporate IT departments fully manage and stay on top of security, large breaches will continue to make the headlines. Statistics revealed in the Ponemon Institute 2016 Global Cloud Data Security Study show there is still much to do. The study found that nearly half (49%) of cloud services in the enterprise are outside corporate IT’s domain, while around 47% of corporate data stored in cloud environments are not managed by the IT department.

Lack of encryption is putting customer data at risk

Security researchers investigating the Yahoo data breach believe that a failure to use proper encryption is one of the prime reasons behind the hack. If this is right, then many more organizations may be putting customer data at risk. A report by Gemalto and the Ponemon Institute found 92 percent of businesses encrypt just 75 percent or less of their sensitive and confidential data when it is sent via the cloud. The proportion of respondents that encrypt data stored in the cloud is even lower at 40 percent. Worryingly for customers, it is their data that is the most common form of information left unencrypted. This places customer data at considerable risk of being viewed or even harvested by hackers. A simple way of protecting cloud data on its journey from device to cloud storage is to encrypt the whole process using a VPN tunnel.

VPN and Bitcoin: A Cloak of Invisibility for Shoppers of Digital Goods

Bitcoin, the digital currency underpinned by block chain technology, is still in its infancy and users are only just beginning to scratch the surface of its full potential. Even so, things are already heating up for dealers in Bitcoin. This year, the total value of Bitcoin transactions is expected to exceed $92bn – up around 240% from under $27bn in 2015. Bitcoin transactions typically make use of aliases or nicknames to disguise user identities but this does not make them anonymous. However, the combination of a virtual private network (VPN) and Bitcoin can guarantee privacy. The encrypted connection provides a cloak of invisibility for all transactional data and provides complete anonymity for buyers if they want it. This is especially true when purchasing digital goods like software, books, reports, databases and so on.

Making IIoT Security More Robust

Once again Internet-connected gadgets, also known as the Internet of Things (IoT), are expected to be a gift for retailers this Christmas in helping them towards bumper sales. However, in many ways, the hyperbole surrounding consumer IoT is a mere side-show. According to McKinsey Global Institute, the real value of IoT lies with industry. McKinsey expects factories to be the top market for Industrial Internet of Things (IIoT), accounting for $3.7 trillion per year by 2025. Presently, IoT technology in general is relatively immature. Issues such as security and manufacturing standards are still the subject of much debate. However, the primary focus of the world’s professional engineering bodies is how to make IIoT more robust. In this respect, Virtual Private Network (VPN) technology has an important part to play by ensuring data traffic is secured at device-level and encrypted at all times.