Posted on

5G in Europe: Deployment & Practical Uses

During the first half of the year 2020, we witnessed an unparalleled, accelerated evolution to mass home-working, living, and leisure during the pandemic. This has uncovered the significance and critical aspects of our network infrastructures. Some of these changes in behavior and working are likely to persist or re-emerge in the years to come.

 

Increased bandwidth demands combined with the fluctuating geography of mobile usage and longer peak hours, highlight the need for innate investment in telecom infrastructure, and a regulatory framework that encourages this.

 

 

The European Round Table for Industry (ERT) recently released an Assessment paper on 5G technology roll-out in Europe. The ERT summarized that Europe and some of the largest individual nations are well behind global competitors in deploying 5G technology.

 

However, the European Union is taking steps towards redressing the situation as it moves to full 5G coverage in the near future. A very possible endeavor seeing as two out of the top three global companies, Ericsson and Nokia are also European companies, that continue to lead the global 5G rollout race.

 

First Steps Towards Practical Uses of 5G

Irrespective of whether the business is a start-up, a corporation, or an LLC, 5G networks will reimagine business as we know it.

Manufacturing optimizations

In Sweden, Atlas Copco Industrial Technique recently installed a private 5G network in the integration lab to bring operational efficiencies and cost savings to the manufacturing process. training & skills acquisition

 

This is one of the first 5G implementations for industrial purposes in the world and one used to develop 5G ready industrial tool solutions for customers worldwide.

 

2018 also saw telecommunication giants Nokia and Telia Company AB conduct what is being described as the first “real-world” industrial applications of 5G manufacturing.

Both companies leveraged the ultra-low latency, high-bandwidth capabilities of 5G to support time-critical applications, enhancing production and efficiency in a manufacturing environment.

 

 

As the demand for manufacturing optimizations increases, join in the discussion about smart and lean production advancements in modern industrial organizations at our 600Minutes virtual events, IndustryForum on Smart Machinery and Services (Finland), Smart Manufacturing, and the Executive Club Manufacturing in Sweden.

 

Retail

Amazon Go

Amazon Go is a recent example of a retail outlet with the potential to transition seamlessly to a staff-less experience. Amazon utilizes dozens of sensors to provide real-time inventory visibility and update pricing according to demand. It is a similar technology to those used in self-driving cars to automatically detect when products are taken from or returned to the shelves, keeping track of the products in a virtual cart. Once completed, shoppers can simply walk out of the store with the products. The system then charges their Amazon account and issues a receipt.

 

In essence, improved connectivity empowers retailers to monitor customer behavior more closely and make educated decisions to better engage shoppers, increase sales, and reduce operating costs.

 

Join our virtual events for the chance to exchange thoughts and ideas with fellow business leaders on the future of retail: The 6th Annual European Strategy Forum (The Netherlands), IndustryForum Retail (Germany), and the Executive Club Retail in Sweden.

 

Smart Homes and Cities

Steelcase partnered with Ericsson to create the next generation office environment using 5G and IoT – Steelcase WorkLife CenterSmart City

Together, they are testing new use cases for the workplace that will allow team members to collaborate more efficiently and effectively. Employees will be able to create smarter, connected solutions, for example, ones that can serve as an interconnected layer to support digital wayfinding, asset location, and room scheduling

 

This web of connectivity will enable maintenance of the infrastructure and manufacturing systems, as well as robust flow control, adjustment, and fine-tuning of operating parameters to respond to real-time fluctuations in the environment and processes, as they occur.

 

The demand for urbanization continues to grow in vast cities. Meet other industry leaders and join the discussion on the smart and sustainable development of our future cities at Smart Cities & Sustainable Societies and Smart Buildings & Facilities in Sweden.

 

Healthcare

During the 5G Healthcare Vodafone Conference & Experience Day in Milan, remote surgery operation was carried out for the first time in Italy over a 5G network in collaboration with the Italian Institute of Technology (IIT) and the IRCSS Hospital San Raffaele.
Professor Matteo Trimarchi performed the procedure from the Vodafone Village on a synthetic larynx model at the San Raffaele hospital, at the opposite side of the city.

 

The Government of Catalonia, SEM, Vodafone, i2CAT, IECISA, and 5G Barcelona are working together to develop advanced communication tools for 5G connected ambulances, highlighting how 5G networks affect critical areas such as healthcare.

 

Connected ambulances are already being used to receive specialized remote real-time HD video support while carrying a patient, and ambulances will soon also gain Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2i) capabilities to ensure they have access to clearer roads on the way to the hospital.

 

Explore the latest innovations and solutions that are aimed at improving health outcomes for patients and communities in the digital age at the IndustryForum Healthcare (The Netherlands) and the IndustryForum Hospital Healthcare (Germany).

 

 

Connected Transportation

The future of transportation is accelerated. New business models, limitless consumer experiences, and financial opportunities in the industry appear almost daily.Smart City

 

According to Intel, connected cars will save 250 Million commuting hours and increase productivity gains by US$507 Billion by 2030. The transportation industry also stands to gain over US$6 Trillion from pilotless vehicles, autonomous business fleets, and ride-hailing services.

 

Ericsson and Telia in partnership with Einride are developing an Autonomous Electric Transportation (AET) solution for next-gen driverless vehicles. AET is an example of how 5G facilitates all-electric road freight transportation with the potential to reduce CO2 emissions by 90%, and eliminate harmful NOx emissions and ultrafine soot particles.

 

Conclusion

Businesses stand to benefit significantly from the increased speeds, reliability, and power provided by 5G infrastructure. New and existing technologies such as the Internet of Things (IoT), Smart Cities, Big Data, Autonomous Vehicles, Virtual Reality (VR), and Augmented Reality (AR) can reach new heights.

5G networks will undoubtedly enhance the speeds at which data is transferred from point to point, directly transforming how businesses work and operate to become more resilient and competitive. With increased productivity, companies will experience increased revenue and significantly boost the EU economy.

Posted on

Mind The Talent Gap: Bridging The IT Shortage

IT talent shortage is a top barrier for many industries as the business world advances steadily into the digital era.

Analytics Insights reported these global skill gaps:

  • Artificial Intelligence – 66%
  • Cyber Security – 64%
  • Internet of Things – 62%
  • AR / VR – 61%
  • Robotics – 60%
  • Big Data – 58%

In fact, Gartner’s survey discovered that global talent shortage is now the top emerging risk for organizations while 75% of enterprises are anticipating skills gaps in key IT roles post-outbreak.

What’s even more concerning is Korn Ferry Institute’s finding, which estimated a worldwide deficit of 4.3 million tech-skilled workers by 2030.

 

THE SHORTAGE PROBLEM

 

Although companies are aware of the importance of tech talents in the ever-changing digital landscape, recruiting much-needed IT professionals to close the talent gap is not an easy task.

Major reasons behind the digital skills shortage include:

 

  • Lack Of ICT Graduates

 

Representatives of the tech and education sectors believed there is a disconnect between tech employers and universities on the digital talent wanted by the industry, leading to ‘skills mismatch and unemployable graduates’.

One of the dilemmas is the speed of technology. The world is either churning out new inventions or updating existing technologies to the point that institutes are unable to keep up. Even when the universities are aligned with industry needs, 95% of the curriculums take roughly two years to change.

 

  • Shallow Pool Of Talent

 

With the demand for different skillsets, employers of today are not just wrestling with one digital talent gap but “hundreds of discrete shortages and surpluses”.

However, tech giants, such as Apple, Microsoft and Google, attract more than the fair share of available talent worldwide, and companies without the resources of the economic powerhouses are left at a disadvantage.

 

  • Outdated Workforce (& C-Level) Skills

 

Although the rapid progress of technology enables improved business efficiency, it also means that employee skillsets become obsolete quicker.

4 out of 10 workers fear they’ll lose their job within 5 years due to outdated skills while the World Economic Forum conveyed that “54% of all employees will require significant reskilling by 2022”. However, many don’t realize that the digital gap extends to the C-suites as well.

The MIT Sloan Management Review reported that upper-level executives are out of touch with the digital savviness required for these highly technological times, highlighting that less than 15% of surveyed executives believed their leaders have the right mindset and skills to lead in the digital economy.

 

BUILDING THE BRIDGE

 

The challenges of finding talents and upskilling workers while keeping pace with the speed of innovation seem like a herculean task. Thus, functions, from HR to the C-levels, must work closely with one another to discern and acquire the digital skills vital for a successful digitalized company.

 

  • Talent Management Strategies

 

Hiring is the top action companies across the regions take to solve IT shortage, followed by retraining and building skills, but many firms are ‘flying data blind’ in regards to the talents they require for their digital transformation.

 

SKILL GAP ANALYSIS

 

Conducting an IT skill gap analysis, such as the steps recommended by The Predictive Index or the template by Capterra, helps to pinpoint missing digital talents and crucial technical knowledge among employees in the company.

Once a clear plan on the necessary skills has been established, hiring managers will fully understand what talents to find and the required proficiency levels. But just that is not enough as organizations should continuously invest in talent acquisition capabilities, and nurture the talent pipeline to enable quicker business transformation.

 

DEPLOYING & UPSKILLING

 

Effective talent deployment is another method for minimizing the tech talent shortage. Companies should optimize their existing workforce by taking inventory of available digital talent, and deploying those with tech skills to essential key roles while training them to further advance their competencies.

On upskilling, organizations can organize peer mentoring or coaching sessions, where team members with digital tech skills are able to help hone the desired talents in other employees. It should be noted that mentoring may take considerable time before the skills are adequately learnt and applied, but is one of the least costly ways to upskill the workforce.

 

LEARNING & DEVELOPMENT (L&D)

 

Research found that 83% of workers global-wide want their leaders to provide opportunities to learn new skills whereas more than two-thirds wish their companies would increase the budget for digital skills development. These findings indicate that workers feel their employers are not doing enough to drive the talent growth of the staff.

Enterprises should ensure that their internal training anticipates upcoming shifts in technology, and be aware of the skills needed to meet digital transformation across the board. For instance, Adobe conducts its own skills-growth training for employees, offering intense machine learning training programs to both technical and non-technical staff.

 

  • New Sources Of Talents

 

As mentioned earlier, it’s a global race to attract the best tech talents. In an increasingly shallow pool of talent with industry sharks swiping top IT professionals, firms must seek other sources of talents to progress their digital transformation.

 

MINORITY TALENT GROUPS

 

Salesforce’s President, Miguel Milano, wrote that businesses should tap into underutilized seas of talents, such as minority groups and those without college education. Howard Elias, President of Services and Digital at Dell Technologies, corroborated with Milano’s statement, stating that Dell seeks to hire those who are traditionally underrepresented in tech, which include women, people with autism, and other groups largely excluded from the industry.


 

“Diversifying teams does more than solve a shortage of workers, it also makes good business sense,” Elias mentioned, citing McKinsey’s recent study that discovered companies with higher gender and ethnic diversities are more likely to record better financial returns

 

VARYING EXPERIENCE LEVELS

 

The Wall Street Journal, on the other hand, revealed how older IT professionals are being passed over by employers for much younger talents, despite the shortage of IT workers. The reasons behind the choice range from lack of skills in the artificial intelligence (AI) era to the cost of compensation packages. 

However, the Executive Vice President of Robert Half, John Reed, believed that, “hiring managers can’t afford to overlook any potential talent pool” as companies will lose the advantage of having a team with varying experience levels to tackle different tech issues.

 

GIG ECONOMY

 

Another talent source is the gig economy. The emergence of the gig economy, or contract work, has significantly changed the traditional work dynamics, being dubbed as the ‘future of work’.

Reworked, a digital publication, commented that skills such as AI, natural language processing (NLP) and data engineering would be best filled by gig workers as “organizations are realizing they only need access to this skilled work for a limited time.”

 

START FROM THE TOP

 

Although companies should focus on training their workforce, the C-suites themselves must ensure that their digital skills are up-to-date. At the same time, CEOs and other C-level partners are encouraged to be actively involved in the development of corporate learning

 

  • Chief Learning Officer (CLO)

 

Most organizations have an L&D department tasked with driving effective corporate learning. Oftentimes, though, the training programs either lack analytical data on determining the agenda or lack the adaptive advantage of innovating according to market conditions.

This is why it’s vital for CEOs to make learning a C-suite priority by designating a Chief Learning Officer (CLO) to head the L&D function. Industry giants such as General Electric and Merck, for instance, appoint CLOs to oversee the ‘corporate learnscape’, utilizing data, science and other relevant learning in the workflow.

 

  • C-Suite Upskilling

 

Upskilling shouldn’t be limited to employees. Top executives should also scrutinize their C-suite tech skills inventory, and seek to improve their knowledge and experience in high technologies for greater chances of successful growth.

With the digital revolution strongly underway, the C-levels must have an intimate understanding of digital innovations and how they impact the organizations. Unfortunately, not all leaders comprehend technologies, as seen in the case of cloud transformation, which can cause misaligned goals and stalled projects.

 

  • Change of C-Level Mindset

 

Change is ever consistent, and leaders who are unwilling to embrace the technology-driven future of business risk falling behind their competitors, especially in the current time of remote working and digital business.

According to Management Events’ Executive Trend Survey, respondents stated that lack of experimentation and organizational support are top internal challenges when adopting new technologies in their companies, showing that some leaders are deeply rooted in the ‘legacy mindset’.

Before analyzing and closing the skills gap among the workforce, C-suites must ask themselves, “Are they equipped with the digital abilities and mindset to tackle the demands of the new economy?”

 

IN CONCLUSION

 

Many leaders may be ill-prepared to manage the tech skills gap, but that is why the whole executive team must come together to tackle the IT talent gap in today’s digital world – from HR leaders morphing into digital change agents able to drive talent strategies to respective C-levels analyzing missing skills and developing an integrated learning ecosystem.

There’s no single solution to address the digital skills shortage, and organizations may need a mix of approaches to close the gap. But whatever the case, businesses must start now to rectify the shortage of IT professionals and prepare actions for future talent disruptions.

Posted on

Silver Peak & Zscaler: Making SASE Work for You

As part of their digital transformation strategy, many enterprises are actively migrating applications to public cloud infrastructure and Software-as-a-Service offerings. Enterprise IT objectives and expected benefits of cloud migration include:

  • Increased agility
  • Higher application performance and availability
  • Improved application accessibility for users
  • Reduced data center footprint
  • Lower costs

Unfortunately, the transformational promise of the cloud often falls short of meeting these expectations.

Why? Because traffic patterns have changed.

They have changed not only due to the migration of apps to the cloud, but also in response to today’s “work-from-anywhere” world. Users now access applications from anywhere, from any device and across diverse WAN transports, including residential broadband.

IT has quickly come to realize that making incremental investments in their legacy routers and firewalls didn’t yield the desired outcomes. Traffic bound for the internet was still backhauled to the corporate data center, adding unnecessary latency and negatively impacting application performance.

What’s required is a complete transformation of the wide area network, and this transformation has fueled the biggest evolution of the WAN in two decades: the software-defined wide area network, or SD-WAN.

The combination of workers accessing business applications from home and remote locations (e.g. airports, coffee shops), along with the explosive growth of IoT devices is rendering the traditional enterprise security perimeter ineffective. Today’s cloud-first enterprise must arm workers with a security service solution that follows them wherever they go.

As we’ve already seen, continuing to use a hub-and-spoke architecture, backhauling internet-bound traffic to the data center for advanced security inspection, results in a sub-optimal user experience. What’s needed is a complete transformation of security infrastructure, and this has driven the rapid adoption of modern cloud-delivered security services.

WAN Transformation + Security Transformation = Digital Transformation

Only by transforming both the WAN edge and security architectures can the full promise of the cloud be fully realized.

In a report published by Gartner in November 2019, they proposed a new model called the secure access services edge – SASE for short. The model describes the integration of core WAN edge capabilities such as SD-WAN, routing and WAN optimization at the branch locations with a comprehensive array of cloud-delivered security services such as secure web gateway (SWG), firewall-as-a-service (FWaaS), cloud access security broker (CASB), zero trust network access (ZTNA) and more.

A key design principal of SASE is the transformation from complex hardware-laden branches to thin branches with cloud-native security services. The promises of the SASE model are many:

  • Improved user experience by delivering better application performance by breaking out cloud traffic locally over the internet from the branch
  • Operational efficiency by simplifying branch WAN infrastructure and through centralized orchestration of application, network and security policies
  • Reduced risk with consistent, always-up-to date, business-driven security policy enforcement
  • Increased business agility by significantly reducing the time to bring new sites and applications online or to update application and security policies

But simply adopting just any SD-WAN solution and cloud security offering is not enough to maximize the return on cloud investments described earlier.

While those individual solutions might deliver on the app performance/availability and accessibility promises and enable the shrinking of the data center, that approach falls short of delivering increased business agility and lower costs. And it won’t address consistent security policy enforcement across all users, locations and devices to mitigate risk to the enterprise.

What’s needed is fully automated orchestration of the WAN edge network functions and cloud-delivered security services. This is a 1 + 1 = 3 benefit for IT and the enterprise.

Posted on

600Minutes Executive IT: How IT Leaders Develop Agility In Times Of Crisis

The recent 600Minutes Executive IT held by Management Events revealed in-depth insights from over 300 top-level IT executives and solution providers from leading organizations in Sweden. 

In group discussions during the virtual event, CIOs across the industries lent their thoughts and opinions on leading in the virtual landscape and through times of crisis.


 

Virtual Leadership

As known the world over, the coronavirus outbreak has brought unprecedented circumstances to the business world, from urgent business continuity planning to lengthy operational disruptions.

As C-suites sought to keep their business operations running, remote working was widely established throughout organizations. But for many IT leaders, managing and leading a remote workforce is a novel experience, and they are faced with different levels of difficulties.

 

Obstacles and Challenges

There were multiple concerns expressed by the event attendees during the group discussions.

One IT executive mentioned that it’s a challenge to keep track of how employees are doing while another stated that it’s harder to pick up on what’s going on when they, as the leader, are working away from the team. Yet another participant expressed worry on the flow of information not reaching the teams.

But among the many hurdles, face-to-face communication and socialization seem to be the most worrying aspects of remote work. Participants were concerned on how to keep the teams together when they’re no longer physically meeting or interacting with each other.

This is especially the case for new hires, whereby organizations need to ensure proper onboarding of the employees and help in building relationships with the current teams. As an IT leader aptly explained, “Now, we are riding on the current company culture from the physical office, but for new hires, there’s a challenge to transfer the silent knowledge and culture that ‘sits in the walls’.”

Stagnancy is another worrying issue among leading IT directors and C-levels as teams don’t share as many ideas or brainstorm as much as before.

As one IT leader commented, “New ideas get lost as most meetings are within the same function. It’s important to keep in contact with decision makers in other functions in order to develop new ideas.”

Other worries and issues presented during the discussions were:

  • Investing more 1-to-1 time for the same output;
  • Difficulty in following up with their teams and getting concrete actions;
  • Lack of boundaries between work and non-work, resulting in potential burnout;
  • Struggles in starting new projects; and
  • Micromanagement.
 

Positive Outlook and Solutions

Even though there are concerns with coordinating a remote workforce, a number of participants are positive that working offsite, or telecommuting, can bring good results. As one attendee stated, “[Remote work] should not be seen as a cost, but an opportunity.”


 

For instance, a decision maker participating in the group discussions claimed that due to the outbreak and subsequent remote working situation, there’s now a stronger focus on innovation, which can help companies to discover business opportunities that were once neglected.

Others corroborated with his statement, saying that the coronavirus inadvertently led to the organization gaining momentum in digitalization, and they should use the ‘new normal’ as a chance to initiate strategic changes.

One example given is the use of iPads for the company’s operators for communication and training purposes, which in the past would have taken a very long time. Others mentioned how their organization now works more digitally and has increased efficiency in some areas, and how people are more innovative without so many contradictions.

 

As an IT director said, “Productivity increases during periods where we are forced to be more innovative.”

 

Additionally, it was a general agreement among the IT leaders that working remotely led to more efficient online meetings as staff seems more prepared, with specific agendas and smooth subsequent information flow and discussions.

Even though a number of attendees voiced out the challenges they’re facing in creating a successful digitalized workforce, they also suggested solutions to overcome the hurdles.

Some of the solutions for effective and progressive remote workforce management given by the participants include:

  • Developing policies and reinforcing them;
  • Raising morale through interactive and non-work-related activities, such as music quizzes;
  • Connecting more often with peers, teams and others from the company to gain different perspectives;
  • Having more dialogues with the workforce on handling the crisis and other work issues; and
  • Scheduling fun meetings and engaging sessions, such as a virtual coffee break, to replace physical socializing.

However, given the pros and cons of working remotely, quite a few of the top executives are looking to develop a hybrid solution of working from home and office.

 

Towards A Hybrid Landscape

“Remotely, productivity remains the same, or is even better, But for some cooperation and creative process work, there’s a need for physical meetings.”


“Virtual hiring is possible. However, physical meetup is still needed to hand over computers and phones, and to provide basic training on how to perform the job.”

 

The above statements are just a few comments from IT leaders who believe in having the best of both offsite and onsite worlds, and were discussing how to maximize value and efficacy in a hybrid office landscape.

Aside from providing possible solutions to the difficulties of building team relations and maintaining the innovation and development arenas, the hybrid solution also addresses the issue of trust.

As a participant mentioned, “If you don’t see your teammates and staff every day, more trust is required,” while another explained that, “In the past, it wasn’t part of leadership to ensure that their groups do their jobs from home.”

An IT executive in the discussion suggested a day or two per week working from home with the rest of the days in the office. Such a solution not only provides the flexibility for employees needing time to take care of family and personal business, but also answers the needs for department heads to have their teams for certain face-to-face tasks.

“A flexible workforce can lead to higher productivity,” a participant asserted.

 

Moving Forward

 As a top IT executive observed, “People react differently to the changing environment and working conditions.” However, overall, it seems that employees, and even customers, have adapted to the ‘new normal’ relatively fast, and companies are witnessing faster digital transformation and innovation than before.

Perhaps it’s true what a decision maker from the IT function said during the discussion – “We need more crises to develop further.”

Posted on

Internet of Things: Imperfectly Smart Devices

internet of things

Smart technology or IoT continues to shape both consumer and industrial domains. Achievable through the convergence of multiple technologies, which include machine learning, real-time analytics, commodity sensors, and embedded systems. Companies who miss an opportunity and or fail to innovate alongside IoT face the genuine possibility of being overtaken and fail over time.

 

IoT’s most significant trend in recent years is the explosive increase in connected devices, controllable over the internet. According to Fortune Business Insights, the global IoT market size stood at $250.72 billion in 2019. Projections indicate this number will reach $1.46319 trillion by 2027, exhibiting a Compound Annual Growth Rate (CAGR) of 24.9% during this forecast period. 2020 saw a rise in the following components of the IoT model; Networks and Communication, Sensors, Data Analytics (Cloud), and Applications, with different degrees of impact.

 

IoT brings a lot of benefits and new opportunities to businesses all over the world. Environmental sensors, machine learning capabilities, and artificial intelligence platforms provide various operational services for organizations across different industries. Although there are fundamental characteristics shared by most devices, the wide range of applications for IoT technology also means that the particulars can be entirely dissimilar from one device to the next.

 

Due to the large amount and variety of connected devices, IoT continues to implant itself deeper in our lives and society, making it another prime target for cyber-attacks. According to the IBM X-Force Threat Intelligence Index 2020, Financial services remain the topmost attacked industry, closely followed by the Retail sector. Ransomware and Magecart attacks were the most prominent attacks observed against retail and impacted at least 80 reported e-commerce websites in the summer of 2019 alone. Operational Technology (OT) targeting also increased by 2000% from 2018, with more attacks on Industrial Control Systems (ICS) and OT infrastructure than in the past three years.

Operational-Technology-Attack-Trends-2020-IBM-X-Force-Threat-Intelligence-Index-Report-1

Cyber-attacks are not new to IoT; the most common breaches are spyware, malware, and human errors. The latter is critical due to the increase in phishing tactics through email. Attackers have been impersonating consumer tech brands with tempting links to trick users into clicking malicious links. Consumer Technology giants such as Google & YouTube (60%), Apple (15%), and Amazon (12%), made up the bulk of targeted spoofed domains, where attackers hit due to the monetizable data they hold.

 

An innocuous IoT device should not be run unsecured. Therefore, both users and manufacturers need to accentuate and take cyber defense seriously. Thus, resulting in the real need to systematically understand the threats and attacks on IoT infrastructure to secure IoT devices against attackers. This article attempts to identify threat types, analyze, and describe intruders and attacks facing IoT devices and services.

 

Brute-forcing and Poor Passwords

IoT devices often require passwords for users to access and or control the device. According to Cybernews, the most common passwords worldwide are “123456”, “123456789”, “qwerty”, and the word “password” itself.  Weak passwords place your most sensitive information at risk and are similar to not using any password in the first place.

Weak Passwords

Manufacturers typically provide IoT devices with preset login credentials, making setup easier and consumer-friendly. These preset credentials are often openly available from a single web search and easily broken during brute-force attacks. Thus, IT administrators must replace the preset login credentials with significantly stronger credentials. The recommended way to go about this is to create quality passwords unique to the organization or the device and utilizing password managers.

An additional step would be to enable or implement two-factor authentication (2FA). Doing this instantly increases the security level by creating an additional lock that an attacker is less likely to access.

 

Improper Data Transfer and Management

IoT devices make automated decisions and carry out actions without requiring human-to-human or human-to-computer interaction. Thus, it is vital to the integrity of IoT applications that the source(s), data being fed, and produced are protected and verifiable at both ends. To achieve this, data must be encrypted from creation to consumption. However, this typically requires a higher level of encryption, cryptology, and intelligence than is easily achievable by the conventional one-way Transport Layer Security (TLS) encryption.

 

Furthermore, dynamic keys should be employed that ensure each data payload is encrypted with single-use keys that are not stored on the device itself or shared over the network, particularly over an insecure network.

 

Insecure Network

IoT devices require an active network connection to allow endpoints to communicate with each other over the internet. As a result, one of the initial and simplest attack methods a malicious attacker can deploy is to seek out weaknesses in running network services and the network communication model of connected devices.
training & skills acquisition
Attackers attempt to manipulate several vulnerabilities to obtain login credentials, communication tokens, and other identifiers that the Service Ecosystem uses to identify various endpoints. It is crucial to secure endpoints with industry best practices to protect data integrity, privacy, and Man-In-The-Middle attacks (MITM). One method involves encrypting device authentication data at the data-level paired to the public key. Consequently, any captured data should remain unreadable without the equivalent private key.

 

Unsecure Update Process

Firmware and other software patches are often required to be pushed out to IoT devices to prevent them from being compromised or left in a vulnerable state. Organizations have to upload these updates securely to each endpoint as soon as they are made available. Failure to secure access to the update, verify the sources, and integrity can have physical consequences, resulting in data loss and corrode brand reputation, introducing legal liability.

 

Even if vulnerabilities and loopholes are identified, not all IoT devices can be updated securely, and this may be due to the following reasons.

  • Wrongful or no firmware validation.
  • Updates are delivered in plain text or without encryption.
  • No anti-rollback measures
  • Users are not notified of available updates. This is a fairly common occurrence.

 

Implementing anti-rollback update mechanisms can prevent attackers from downgrading a device to an older software version with a known security vulnerability that the attacker can exploit.

 

Inadequate Privacy Protection

IoT devices, by design, collect and store a significant amount of users’ personal information. Unfortunately, not all manufacturers implement strong privacy or data management and protection policies. Those that do tend to begin by encrypting and implementing various layers of distinct checks and balances, providing data security between endpoints. When these security and privacy protection models are absent, improperly installed, or set up, glaring issues crop up.

 

One such example of improperly set privacy controls by the manufacturer was the TRENDnet Webcam Hack. TRENDnet marketed their SecurView cameras for various uses ranging from home security to baby monitoring and claimed they were secure, the FTC said.
Data Protection=However, they had faulty software that let anyone who obtained a camera’s IP address look through it — and sometimes listen as well. Thus for at least two years (2010 – 2012), the SecurView webcams allowed the transmission of user login credentials in clear, readable text over the internet! It did not just end there. Even their proprietary mobile app for the cameras stored users’ login credentials in clear, readable text, right on their mobile devices allowing anyone who obtained a camera’s IP address to look and sometimes listen through it as well.

 

Insecure Ecosystem Interfaces

The IoT ecosystem comprises all the components that allow consumers, governments, and businesses to network between their IoT devices. Some of these include networks, data storage, remotes, security, dashboards, and data analytics. Interfaces like a backend API that devices use to connect to a larger network ecosystem can also be compromised. A significant security concern to network operators and manufacturers is 5G network technology, which is expected to shoulder the connectivity load of IoT devices.

 

IoT devices, when integrated with centralized management platforms and legacy systems, are at high risk of being compromised by users who unknowingly introduce security vulnerabilities at the application layer. When such interfaces are compromised, it is often due to the previously mentioned reasons and improper traffic filtering.

 

Conclusion

Should an IoT vendor build its device or devices with insecure software libraries or other elements that are from an insecure source, then the device(s) will logically be insecure. Other means include using third-party software and hardware from a compromised supply chain or the insecure customization of Operating System (OS) platforms.

 

Manufacturers must comprehend that as more IoT ecosystems are being built, it is equally imperative to build security in, right from the very start. From sourcing components to firmware writing, initial installs, and throughout a device’s lifecycle. Thus, as more and more IoT connected devices come online, these and other yet undiscovered vulnerabilities need to take center stage.

 

Alongside poor management practices, targeted malware, and weak IoT architecture, IoT devices and technology can also be exploited through hard to detect zero-day vulnerabilities. Attackers continue to modify their malicious code to obfuscate better and spread within networks faster. Some of the better practices that should be applied to IoT technology include not over connecting your systems, not trusting a compromised device, particularly if it was compromised locally, and for vendors, frequently subjecting your code and hardware to third-party penetration testing (Black & White Box variants).

Consumer vs Enterprise IoT Attacks

In the future, a significant feature of IoT devices will be the ability to rapidly modify device configurations through remote tools and deliver innovative applications and capabilities. Additionally, all control updates, and packages, will include increased security and encryption to block attacks while driving more automated deployments.

 

The goal remains to enable a user at a local site with little to no background or understanding of IoT and IoT edge devices to connect a power cord, network cable(s), and walk away. Allowing the device to carry out self-provisioning and authentication automatically. Likewise, should a need to move the device occur, it can self-provision itself to its new location’s conditions and obligations.