technology trends Bjørn Søland, Nexus: ”IoT reminds me of the land rush” The development of IoT is reminiscent of the land rush in Oklahoma in 1889, when an area of unassigned land was opened to settlement – it is all about market share and positioning, not security, according to Bjørn Søland, Head of IoT Business Development, Nexus Group. He warns that IoT can become the Internet of Listeners and the Army of Things if security is not taken more seriously. By Henrik Söderlund you do not update the encryption keys or the software for 20 years, I can guarantee that there is a whole lot of data leaking. If you do not update, the client will not have a secure system”, says Bjørn Søland. Secure identity It is not only security products that suffer from an insufficient level of security – the same goes for many different types of connected devices. Bjørn Søland gives an example from the US in 2015, when a blood infusion pump was hacked. It did not require any authentication and the hacker could get access rights and basically control it anyway he wanted. Bjørn Søland believes that the identity of things is crucial if you want to ensure security. ”We have to have that and we need to improve security. The identity concept is extremely important”, he says. Individuals will suffer Businesses and organisations When Bjørn Søland visited the Mobile World Congress in late February and beginning of March, he did a search on how many of the companies present were working with IoT. The result showed a total of 1021; then he made a second search on “IoT security” which resulted in only four hits. Bjørn Søland believes this is a clear indication of what is happening right now. ”IoT reminds me of the land rush that took place in Oklahoma, USA, in the late 19th century. Everyone wanted to go out and acquire their own piece of land. There are many people who talk a lot about IoT today, saying it is safe, but the focus is on market share and positioning”, he says. Important to make updates Bjørn Søland emphasises that connected devices must be secured. Some of them may be used for as long as 20 years and it is important that software is updated, and encryption keys and algorithms are renewed. Strong authentication and digital signing is important in order to secure access to data and to verify who owns it and how access to data should be managed. ”Today data is leaking, and if Bjørn Søland, Head of IoT Business Development, Nexus Group. that are taking the step into the world of IoT, tend to focus more on interoperability and connectivity rather than security. One way to improve security is to establish clear policies on digital and physical access rights. At the same time, two out of three connected devices are estimated to be private, so the problem of cyber security very much concerns individuals, not just companies. ”It is clear that this will affect us”, Bjørn Søland concludes. Per-Christian Foss, Addsecure: ”Security has lagged behind the pace of innovation” How can communication be secured in a connected world? Per-Christian Foss, Head of Sales for IoT at Addsecure, stresses that security must be emphasised from the beginning. ”Always start with conducting a risk assessment”, he says By Henrik Söderlund to bring order to the security”, Per-Christian Foss says. Risk assessment and automatic updates According to Per-Christian Foss, a cornerstone for improving security is to look at the whole solution, not just individual devices and to remember to think about security from the start. ”It is difficult to add security afterwards. Conduct a risk assessment and consider which devices could be hacked and what the consequences would be if that were to happen and how big the risk is”, he says. Other basic measures are to change passwords and use anti-virus software and the best possible operating system. The latter is often neglected because manufacturers want to keep the costs down. Software should pref- Per-Christian Foss identifies five security challenges with the Internet of Things: an insufficient focus on safety, poor default passwords which makes the devices easy to hack, lack of updating routines, the communication not being secure and finally the large amount of IoT devices increase the risk. A lot of incidents ”IoT brings great opportunities and will provide great benefits, both for businesses and individuals, as well as for society as a whole. But there are clearly things that can go wrong. The problem is that IoT security has lagged behind the pace of innovation”, Per-Christian Foss says. In addition IoT devices can be used, and have been used in DDoS attacks against websites, there are also risks of attacks on critical infrastructure and theft of sensitive data. ”Before 2020, I believe that at least 25 per cent of all registered security incidents will involve IoT solutions. In order for IoT to reach its full potential, we need Per-Christian Foss, Head of Sales for IoT at Addsecure. erably be automatically updated, according to Per-Christian Foss. He says: ”When it comes to communication, one should question whether you need to be constantly connected to the internet. If we are talking about solutions for a fire alarm, we believe that communication should be carried out via a VPN channel in a private network.” Security News Every Day – www. securityworldhotel.com dete kto r in te r n at i on al • 1 5