OptConnect’s Strategic Approach to IoT Security Challenges
IoT sensors and connected devices are increasingly becoming prime targets for cyberattacks in today’s interconnected world. Recent reports have highlighted a staggering 400% increase in IoT and OT malware attacks, with the manufacturing industry particularly vulnerable, experiencing an average of 6,000 weekly attacks across all monitored devices. During an interaction with Vidushi, Chris Baird, CEO of OptConnect & Taylor Matthews, Director of IT/Network/Security at OptConnect provided expert commentary on best practices for protecting IoT devices and networks.
Given the exponential rise in IoT and OT malware attacks, how does OptConnect prioritize security in its IoT solutions to address these evolving threats?
At OptConnect, we use a very intentional security-by-design approach to keep our customers safe and secure. Our strategic approach to network architecture and building out a private network keeps us out of reach from public attacks. Additionally, we prioritize security through encryption, vulnerability assessments, network segmentation, vendor security assessments, and managing all firmware updates for our customers, among other things.
‘Security by obscurity’ is just not a safe and reliable model. Many people deploy an IoT or OT device with a set-it-and-forget-it mentality, and we know that approach doesn’t work. People often joke that the ‘s’ in IoT stands for security since it is often neglected, ignored, or misunderstood. At OptConnect, our fully managed connectivity solution allows customers to focus on their core business while we take care of all the complexity and nuances, providing a secure cellular network they can rely on.
Can you elaborate on the specific security measures implemented by OptConnect to ensure the integrity and confidentiality of data transmitted through IoT networks?
By design, we create layers of security that both enable the right activity and eliminate nefarious behavior from happening in the first place. We are never done testing, analyzing, improving, enhancing, and testing again; it’s a continual effort. Some of the security layers we focus on include private APN, multiple VPN offerings, encryption in transit, encryption at rest, MFA, security awareness training, patch management, vulnerability assessment, firewall review with customers, and other safety protocols.
At the end of the day, everything we do is centered around keeping customer data secure.
With the manufacturing industry being a prime target for cyberattacks, how does OptConnect tailor its security strategies to meet the unique challenges faced by manufacturing companies?
We focus on providing reliable and secure connectivity for a wide range of IoT markets and verticals. While manufacturing companies face some unique challenges, our solutions have been battle-tested and proven across countless end markets and use cases. Our network is segmented and private so customers can operate securely without having to be on a public and more vulnerable network.
In light of the recent industry report indicating that 93% of organizations struggle with securing their IoT products, what advice would you offer to businesses seeking to enhance their IoT security posture?
As mentioned, too many organizations use a set-it-and-forget-it model around IoT devices. A better approach is to let a dedicated team handle everything. For example, OptConnect provides managed services, which means we constantly monitor and manage the security of the device and the network so customers don’t have to. Organizations often struggle when they take it on themselves. It isn’t their expertise, so a lot can fall through the cracks.
It’s important to have a trusted partner who will never stop monitoring and take immediate action as soon as any anomalies are seen. Suppose a customer is struggling with their IoT security. In that case, we advise them to look for a trusted partner who can help them mitigate and eliminate security risks so that they can confidently continue to operate their business.
Could you share some insights into the role of encryption protocols and multi-factor authentication in mitigating risks associated with IoT security breaches?
Encryption and MFA are great enhancements from a security standpoint. MFA reduces the risk of phishing attacks or lost credentials, but it can’t be the entirety of a company’s security strategy. If someone isn’t there yet, they should get there, but they shouldn’t stop once there. People should think about the next step – which should include continuous monitoring and constant training. We also believe encryption is essential in ensuring the privacy and security of connectivity needs. Encryption is default at OptConnect. We implement data encryption in transit and at rest so that all customer data is protected.
How does OptConnect approach the continuous monitoring of IoT infrastructure to identify and address emerging risks and vulnerabilities proactively?
We monitor our hardware and network, but customers must be vigilant about monitoring their IoT infrastructure. Staying on top of attack vectors, certifications, requirements, and much more can feel overwhelming. OptConnect focuses on real-time monitoring, watching the network via proprietary tools, and integrating with industry, organization, and government resources to stay aware of —and ahead of—attack vectors.
For example, we receive real-time alerts from the Department of Homeland Security about IoT or OT tech that is being compromised since most of the ‘things’ we connect are considered critical infrastructure. We have automated alerting that triggers real-time notifications about anomalies and suspicious activity. Our Critical Response Team takes immediate action around the clock if an alert is triggered. We have implemented regular security tests to validate the resilience of our systems, team, and network. And we are constantly focused on enhancing and improving our security posture.
As the CEO of OptConnect, what do you believe are the most critical security aspects that companies should prioritize when assessing the security of their IoT connections and devices?
Communicate, communicate, communicate. Understand security’s who, what, where, when, and why. We’ve avoided entire incidents that would trip up other organizations because we set up expectations with employees, partners, vendors, and customers. We continually focus on communicating around security and all the various components. We are passionate about our rigorous testing and look for any potential flaws or weaknesses; then, we dedicate whatever resources are necessary to making improvements.
Lastly, it is important to have a disaster recovery/business continuity plan. Realistically, there’s no way to reduce event risk to 0%, but we try as hard as possible. We dedicate our full effort to minimize when something happens and be ready to recover immediately. The rate of response is critical. Focus on putting as much protection as possible in place, but then make sure you have a solid plan identified. Practice implementing it in case something does come up. How quickly you detect and respond, is vital.
Looking ahead, what trends do you foresee in the IoT security landscape, and how is OptConnect preparing to stay ahead of these emerging threats?
There are about 17 billion IoT-connected devices anticipated in 2024, surging to 30+ billion devices by 2030. That means security is only going to get more challenging. As it gets harder and more issues arise, that requires a matched effort. To stay ahead, you have to stay on top of everything. Attacks, vulnerabilities, and risks will keep growing. So, plan for, prepare for, predict, and be ready.
This also means more compliance and regulation will be required. New standards will be established, and everyone will need to increase what they are doing and adopt these new standards.
At OptConnect, we look forward to the increased adoption and expansion of the 5G network, which aims to be more secure than previous LTE generations. Elements like enhanced authentication, network isolation, secure communication channels, network slicing, virtual isolated layers, and similar protocols will all help.
Watch for more Zero Trust architecture – like VPN, but a step ahead.
AI will also continue to play a powerful role in the future of the IoT security landscape; specifically, AI-powered vulnerability assessments and machine learning. We’ve taken big steps forward by integrating and working with the latest AI tools to enhance our security solutions. These tools are faster, better, and more scalable compared to human efforts. Companies should embrace and integrate autonomous intelligence and machine learning to monitor and mitigate security risks before they escalate.
