Guest blog by Pippa Boothman, Disruptive Technologies.

One of the most important questions you should ask about sensor-based IoT solutions is how they’ll keep your critical systems and data secure. If a cyber attack alters information or interrupts processes, your equipment could misfire, overheat or shut down entirely. Instead of a smart solution you’ll have an expensive and time consuming cyber catastrophe.

Security concerns shouldn’t keep you from adopting IoT to increase efficiency and grow your business. But it’s important to know how to assess the security controls of an IoT solution so you can feel confident that your data and systems are protected.

How Complex IoT Architecture Opens the Door to Cyber Attacks

In the Internet of Things, many different technologies are linked together in an integrated ecosystem. Without the proper controls managing how these products connect to each other, a threat agent may be able to exploit security defects in any of one of them and circulate throughout your entire ecosystem without being detected.

Unfortunately, in the development of many first-generation IoT systems, security has been an afterthought. In the rush to launch products in an exploding IoT marketplace some early adopters of IoT technology built insecure architectures and didn’t take the time to test them from end to end.

The sheer diversity of machine-to-machine connections in an IoT solution adds to the variety of cyber security risks that must be managed. In complex, first-generation IoT solutions in place today, each product or system – including hardware, applications, firmware, networks, etc. – is typically developed and managed by a different company. It often isn’t clear who is responsible for managing security across the system as a whole. The more vendors involved in creating the IoT solution, the more difficult it is for you to maintain, test, manage and secure.

Particularly in Industrial IoT, legacy hardware and software is typically incorporated into an advanced, connected solution. Those older tools are used in new ways, performing functions well beyond their intended scope. They don’t have modern security controls built into their code to manage how data is exchanged; therefore, the IoT architecture must compensate to mitigate the risk. But what if it isn’t up to the task?

The Most Common Cyber Threats to Gateway-based IoT

First-generation IoT solutions typically rely on gateways as a node to connect sensors, devices, equipment and the cloud. Although gateways are an option to translate protocols and exchange information, they are single points of failure and notoriously weak.

Notably, poorly designed gateways open the door to man-in-the-middle cyber attacks. In a man-in-the-middle attack, threat agents intercept a communication between two systems and then pretend to be the original sender. They control output and trick the receiving system into providing continued access and information. Because attackers are masquerading as authorized users they can remain undetected for long periods of time while they continue to siphon data or disrupt operations.

Simple, Secure Architecture is Critical to the Success of IoT

We believe security can’t simply be “bolted on” to IoT solutions. It must be prioritized from the start of any IoT project and ruthlessly tested and confirmed.