Let’s begin by laying out the facts:
- Fact n.º1: we are currently living through the Fourth Industrial Revolution – or Industry 4.0 – where humans and technology are more connected then ever;
- Fact n.º 2: the Internet of Things (IoT) is one of the fastest growing markets out there and a foundation for Industry 4.0 – it is expected to be worth $3.96 trillion in 2030;
- Fact n.º3: IoT’s interconnected devices are dominating our everyday lives, but also leveraging modern businesses around the world, in areas like transportation, manufacturing, healthcare, retail or agriculture.
So what exactly is IoT? How do businesses benefit from using these devices? What cybersecurity challenges should we be aware of? Let’s break this down and fully understand why IoT is an undeniable part of our future.
What is IoT?
The Internet of Things – a term coined in 1999 by the British technology pioneer Kevin Ashton – is a network of interconnected physical devices and objects that can communicate and exchange data between them over the internet. Quite literally, it means to integrate our “things” with the internet, so we can remotely control them using our smartphone, tablet or computer.
These smart devices are not only present in our everyday lives, but also in the way businesses operate. Here are some of the common examples of IoT applications:
- Home appliances: smart televisions, security cameras, air conditioning, door locks, vacuum cleaners, irrigation systems, etc. The automation of home devices like these not only provides more comfort, but also energy efficiency and security;
- Wearables: smartwatches, fitness trackers, Augmented Reality (AR) headsets, smart glasses, etc. Devices like these could be entertainment-oriented, but also very useful to monitor health in real time;
- Cars: performance monitoring; GPS; autonomous driving; alarm control; infotainment screens; real-time traffic updates, etc. All of these features are made to assist the driving experience, but also to make it more enjoyable;
- Manufacturing: Machine-to-Machine (M2M) communication; predictive maintenance; logistics management; fire and radiation sensors; etc. Capabilities like these help improve productivity and reduce risks;
- Healthcare: remote patient monitoring (RPM); medical equipment maintenance and location tracking; inventory management; etc. The goal is to provide better and real time healthcare, while optimising the medical staff’s tasks and reducing costs;
- Retail: self-checkout; inventory management; customer behavior analysis; shipment tracking; etc. All of these are ways to improve customers’ experience, make the employees’ jobs smoother and keep up with shopping trends;
- Agriculture: soil, weather and crop conditions monitoring; solar-powered devices; autonomous irrigation; etc. The goal is to implement more sustainable practices and lead to more profitable harvests.
Top benefits of IoT for business
The million-dollar question is: why do IoT devices contribute to increase companies’ productivity?
- Higher efficiency and innovation
IoT devices leverage the latest of technologies, including Artificial Intelligence (AI), Machine Learning (ML), Cloud Computing and Analytics. All of these can help companies break new ground, produce at a larger scale, with more speed and less risk, thus gaining competitive advantage;
- Better customer experience
How customers behave, what they’re looking for, how their journey can be personalised, how to increase engagement and loyalty are challenges that IoT is prepared to overcome, by collecting and analysing data on a deeper level;
- Reduced operational costs
By helping prevent and manage issues before they affect business, by optimising workflows and providing real-time data about market conditions and customers, IoT leads to significant cost savings;
- New insights and business models
With the information provided by IoT technology, companies can acquire the knowledge and confidence they need to develop and launch new products, services and even business models (e.g.: subscription-based);
- Enhanced safety and security
The ability to monitor workplaces and equipment in real-time – by using sensors and cameras – makes IoT especially valuable when it comes to keeping employees safe, but also data and machinery.
It is not surprising, then, that businesses are investing more and more in IoT technology – by 2030, the total volume of enterprise IoT devices is expected to reach 18 billion. According to the International Data Corporation (IDC), the industries currently investing more in IoT are manufacturing, professional services, utilities and retail.
IoT progress and challenges: a developer’s point of view
IoT devices are not only growing in number, but also in quality. According to Vítor Santos, Alter Solutions’ software development expert, there has been (and will continue to be) “improvement of microprocessors, and development of new and faster ones”. “Also”, he adds, “there are new Single-Board Computers (SBC) with processors and components that enable the progress of data collection projects, sensor integration, and improved connectivity.”
For Vítor, the benefits of IoT for companies are undeniable. “With the implementation of IoT, it is possible to assess and analyse specific processes related to production performance at different times”, he explains. “A good example of this is the application of IoT in the agricultural industry to assess soil quality, water quality, among other factors. The use is so vast that it can be employed in areas like security, as a means of monitoring and tracking”.
However, our developer believes that one of the biggest challenges today, regarding IoT devices, is precisely the lack of understanding of advantages like these. “There is lack of information regarding the benefits that IoT can provide to businesses, as many of them are unaware of this tool”, Vítor claims, adding a few other challenges to the mix: “There is also the need for specialised experts (which are not easy to find), the fact that many projects require prototyping, and connectivity issues in remote areas, making the development process significantly more time-consuming, due to all the initial planning involved”.
Last, but not least, one of the most pressing challenges has to do with cybersecurity. “It requires significant investment due to threats like hacking, device control, and malware infection”, Vítor points out. That’s exactly what we’ll cover next: the details of this particular challenge, with the help of other Alter Solutions’ talented experts.
Cybersecurity at the heart of IoT
We’ve just settled that one of the main challenges of IoT technology is related to cybersecurity. Each of these complex devices is, in fact, an entry point for cyberattackers, so the number of threats and cyberattacks has been growing proportionally to the number of IoT out there. According to Statista, there were over 112 million IoT cyberattacks worldwide in 2022 alone, a substantial number given that in 2021 there were 60 million attacks and, back in 2018, 32 million.
Plus, considering that around 10 million new IoT devices are added to the network every single day, and that 57% of corporate connected objects are vulnerable to attacks, it is crucial for businesses to invest in a robust IoT security strategy.
Threats and challenges
First of all, what are the main cybersecurity threats and challenges associated with IoT devices? Alter Solutions’ cyber team identifies the following:
- Limited resources
Many IoT devices have constrained computational resources. This means that they can't always support advanced encryption or security protocols, making them easier targets;
- Insecure default settings
Many devices come with default credentials (like “admin/admin”) and users often don't change them. Devices with these vulnerabilities can be easily accessed by malicious actors;
- Lack of updates
Some IoT manufacturers do not offer the capability to update the device's firmware or software, leaving them indefinitely vulnerable to threats like malware or ransomware. Even when updates are available, users might not be aware of them or might neglect to install them;
- Insecure data storage and transmission
Some IoT devices might transfer data without encryption or store data insecurely, exposing sensitive information. For instance, there have been cases where smart home security cameras transmitted unencrypted video feeds that could be accessed by others;
- Physical security threats
Given that many IoT devices interact with the physical world (e.g., smart locks or smart thermostats), any disruption can have direct physical consequences. A hacker could potentially unlock a smart lock remotely, gaining physical access to a property;
- Increased attack surface
As more and more devices get connected to the internet, the potential entry point for cyberattacks increase. A vulnerability in one device could potentially provide a backdoor into a connected network or system;
- Permanent Denial of Service (PDoS)
In these attacks, the device's firmware gets corrupted to the point that the device cannot function anymore (e.g., there was a malware known as BrickerBot that aimed to permanently disable insecure IoT devices);
- Lack of awareness and knowledge
The general population might not be aware of the risks associated with connected devices. This can lead to soft security practices, such as not changing default passwords or failing to secure devices properly.
Best practices for companies
Now let’s get into the good part: what can businesses effectively do to make sure their IoT devices and overall security are covered? Our cybersecurity team recommends several relevant actions:
- Change default credentials
Always change default usernames and passwords before deploying devices. Encourage consumers to change default credentials upon first use;
- Regular updates and patches
Ensure that devices can receive regular firmware and software updates. Automate this process if possible, and always inform users of critical updates;
- Secure data transmission
Use end-to-end encryption for data in transit between the device and servers or other devices;
- Secure data storage
Store data securely using encryption, both on the device and on any cloud servers. Ensure robust access controls;
- Network segmentation
Keep IoT devices on separate networks or VLANs to ensure that if one device is compromised, the intruder cannot easily access the entire network;
- Device authentication
Ensure devices can authenticate themselves before they connect to a network or another device. This can be achieved using cryptographic methods;
- Secure development lifecycle
Integrate security from the very beginning of the device's development phase. This includes secure coding practices, regular security audits, and penetration testing.
Speaking of penetration testing (or pentesting), that is one of the most relevant cybersecurity services Alter Solutions provides to protect your IoT devices. One of our cyber experts explains how it works: “In IoT Penetration Testing, we simulate real-world attacks on the device, its communication protocols, back-end services, and any associated applications. Attackers may attempt to intercept data transmissions, manipulate device functionalities, or breach its associated network”, he clarifies. The goal is to identify vulnerabilities that need to be addressed.
Our cyber specialist also guarantees that the pentesting team relies on the latest technologies and techniques to perform this service. “We have the latest tooling on hand – like Proxmark, soldering tools, or Flipper Zero – and conduct various Research & Development projects where we find vulnerabilities and report them. We also actively contribute to the Proxmark RRG repository, to stay updated with the latest in RFID security, ensuring that the pentesting techniques we use are cutting-edge. Additionally, these contributions can enhance the tool's capabilities, benefiting the broader cybersecurity community.”
Steps towards IoT in your business
Now that you know a whole lot more about IoT, you’re probably wondering which steps to take in order to ride the wave. Here’s our advice:
- Decide which IoT technology best fits your business needs and goals;
- When making that decision, make sure that technology is easily integrated with your current network and system, and also make sure it is scalable (we can help you with that);
- Challenge us to develop a project plan for you and to assemble a highly skilled development team;
- Don’t forget to invest in a reliable cybersecurity strategy;
- When everything’s in place, you can start reaping the benefits.