As the digital transformation of enterprises progresses, the application of Internet of Things (IoT)/Operational Technology (OT) in various industries is becoming more widespread. However, with billions of devices connecting to the network, the IoT brings unprecedented convenience while also triggering new security risks. The widespread application of IoT devices and their interconnectivity make them a high-risk area for hacker attacks and data breaches. According to Palo Alto Networks' IoT threat report, IoT, Internet of Medical Things (IoMT), and OT devices account for more than 30% of enterprise network devices.
Palo Alto Networks' President for Greater China, Chen Wenjun, stated in an interview with journalists: "The IoT/OT security risks faced by global and Chinese enterprises are multifaceted, such as malware attacks, device hijacking and DDoS attacks, data breach risks, device security vulnerabilities, the complexity brought by the convergence of IT and OT, and supply chain attacks."
Increase in Cyber Attacks
With the deep integration of artificial intelligence, big data, and mobile IoT technologies, the intelligent connection of all things is gradually becoming a reality. However, the sharp increase in the number of interconnected devices also leads to growing challenges in corporate network security. These interconnected devices, due to their weak built-in security, vulnerabilities, and lack of management by traditional IT/security solutions, have become the main targets of cyber attacks, posing a serious threat to corporate network security.
Advertisement
According to an IDC report, with the rapid development of industrial IoT platforms, especially the convergence of IT and OT, network threats have increased, and the attack surface has significantly expanded. Since many industrial devices rely on proprietary protocols and are interconnected with a broader range of systems, the difficulty of protecting these complex systems increases, providing more opportunities for cyber attackers.
A joint report published by Palo Alto Networks and ABI Research shows that among the 102 Chinese enterprises surveyed in the report, 73.5% of enterprises indicated that their OT environment had been subjected to cyber attacks, with 70.7% of the attacks originating from the IT environment and 29.3% from the OT environment. 24% of Chinese enterprises have experienced operational shutdowns due to OT network attacks in the past year. Malware, ransomware, insider attacks, phishing attacks, APT attacks, and DoS attacks are the types of OT network attacks they are most concerned about.
Not only domestically, but the data from nearly 2,000 executives and practitioners in 16 countries worldwide surveyed in the report shows that nearly 70% of industrial enterprises have encountered cyber attacks in the past year, with 26% of enterprises suffering attacks weekly or even daily. A quarter of the enterprises had to temporarily cease operations due to cyber attacks. The impact of the attacks is not limited to data and revenue loss but also severely disrupts business continuity.
At the same time, enterprises are integrating 5G technology into their networks. Although this has improved their connectivity and efficiency and has benefited from 5G's higher transmission speeds, lower latency, and support for high-bandwidth applications, nearly 70% of respondents believe that 5G has also brought increasingly serious threats. This indicates that the challenges of ensuring the security of industrial operations are increasing with technological advancements. Three-quarters of respondents also believe that remote access by employees and third parties is increasing. While this brings many benefits, such as various monitoring capabilities and faster incident response times, it also poses greater security risks to the environment.
Visibility as a Key
"Being able to see" has become a significant challenge in defending against IoT/OT network attacks. In Chen Wenjun's view, traditional network security has not kept up with the requirements of smart devices and the interconnection of IoT devices. Traditional network security sometimes fails to recognize the network attacks that IoT devices face today, and often focuses only on IT devices without paying attention to OT devices. This creates blind spots for corporate IT personnel and CIOs (Chief Information Officers), preventing them from clearly understanding the connection of OT devices to their networks. Without timely upgrades, many vulnerabilities are exposed, increasing the risk of security threats.Palo Alto Networks' Pre-Sales General Manager for Greater China, Dong Chuntao, stated that in the past, even though companies were aware that IoT security was a vulnerability, they were unable to address it due to insufficient identification capabilities, primarily because of the vast number of device models.
According to data from the Ministry of Industry and Information Technology, the proportion of IoT terminal connections in China accounts for nearly 60%. By the end of 2023, the total number of mobile network terminal connections in China reached 4.059 billion, with cellular IoT terminal users reaching 2.332 billion, accounting for 57.5% of mobile terminal connections, a year-on-year increase of 26.4%, with a net increase of 488 million users in 2023. Cellular IoT terminals are applied in public services, connected vehicles, smart retail, and smart home sectors, with scales reaching 799 million, 454 million, 335 million, and 265 million users, respectively.
In response to the growing demand for IoT security, Palo Alto Networks recently announced the upcoming launch of its IoT/Operational Technology (OT) security services in China.
Chen Wenjun introduced that by leveraging machine learning-based discovery capabilities for comprehensive device visibility, Palo Alto Networks' IoT/OT security services can quickly and accurately identify all IoT devices in real-time, including devices that have never been seen before. Additionally, it uses crowdsourced data to identify anomalous activities, continuously assess risks, and provide trust-based policy recommendations to improve enterprise security postures.
Leave A Reply