How can billions of connected devices stay secure as they exchange data every second? IoT security protects the data, devices, and networks that keep our connected world running safely.
In this part of our IoT Basics series, we explore the key principles of IoT security — from device protection and encrypted communication to regulations shaping global standards.
With IoT now part of everyday life, devices are increasingly connected to each other and to centralized systems via networks. These connections are at risk from weak IoT security, which can expose users’ and organizations’ data to malicious actors.
The IoT industry has been responding for many years by enabling IoT security tools that protect devices and systems from threats and breaches.
IoT security risks can be mitigated by identifying and monitoring common threats before they materialize, helping to protect availability, integrity, and confidentiality. Even so, cybercrime continues to grow — with IoT deployments often exposed to weak passwords and other vulnerabilities caused by the dramatically expanded threat surface of IoT.
There have been striking examples of IoT-related attacks, such as tire pressure monitors being used to hack into vehicle systems and even a connected fish tank pump exploited to access financial systems at a Las Vegas casino.
While awareness of IoT security is increasing, public concern can also undermine trust in IoT technologies. Many organizations are therefore prioritizing vulnerability management and promoting confidence by following best practices and complying with emerging legislation and regulatory initiatives developed specifically for IoT worldwide.
As IoT device numbers continue to scale, the overall risk profile increases. The 2016 Mirai botnet attack—which compromised more than half a million unsecured IoT devices—flooded networks with traffic and temporarily disrupted major websites. This event underscored the need to protect IoT device integrity and confidentiality while mitigating evolving security risks.
Organizations deploying IoT face substantial security threats as criminals increasingly target connected operations, including through ransomware. Check Point Research reported that the average number of daily ransomware attacks rose by 50% in Q3 2020 compared with the first half of the year.
Global organizations such as GSMA have published IoT security guidelines, and new IoT cybersecurity laws have been introduced in California, Oregon, and the UK since 2020. These regulations require IoT devices sold in those markets to include reasonable security features — such as unique passwords, regular security updates, and vulnerability disclosure policies.
The concept of integrating IoT security by design is now widely recognized and essential for devices that may remain in the field for up to 20 years. This long lifecycle means that security must be updatable and adaptable to counter new threats.
Lifecycle management of device credentials, cryptographic keys, software patches, upgrades, and digital certificates forms the foundation of the next generation of secure IoT systems.
A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.
This came into force in May 2018 and imposes rules on controlling and processing personally identifiable information.
A secure network protocol suite that authenticates and encrypts the packets of data sent over an internet protocol network. IPSec uses cryptographic security services to protect communications over IP networks.
A collective term used to describe different types of control systems and associated instrumentation, which include the devices, systems, networks, and controls used to operate or automate industrial processes.
A framework for business processes that facilitates the management of electronic or digital identities.
US regulatory body NIST has offered frameworks for IoT security, and Congress passed the IoT Cybersecurity Improvement Act in December 2020. The Act also requires NIST to publish standards and guidelines on the use and management of IoT devices.
Organizations implement privileged access management (PAM) to protect against credential theft and privilege misuse. PAM describes a comprehensive cybersecurity strategy to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.
A set of roles, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. PKI is a critical enabler of secure communication, data and money exchange.
Ransomware is a type of malware that extorts victims for financial gain. Once activated, it prevents users from interacting with their files, applications or systems until a ransom is paid.
A term used to describe IoT devices in active use without the knowledge of the owner or their IT departments.
An encryption protocol used to protect data in transit between computers, enabling two computers to agree to encrypt the information in a way they both understand.
Describes a security model designed to protect digital businesses. Zero Trust sets out that organizations should not automatically trust anything regardless of whether it is outside or inside their operation. Zero Trust demands that everything trying to connect to your systems must be verified before access is granted.
Our platform provides a secure connection through Virtual Private Networks (VPNs) between your data center and the Telenor IoT platform.
A unique identification or serial number that all mobile phones and smartphones have. It is normally 15 digits long.
A barcode symbology and numbering system used in global trade to identify a specific retail product type, in a specific packaging configuration, from a specific manufacturer.
A globally unique number identifying a physical piece of CDMA2000 mobile equipment.
RFID devices are used for data transmission and capture by way of radio waves.
An enhanced version of a bar code. Unlike traditional bar codes, a smart label can contain much more information about a product. Smart labels take the shape of RFID tags, Electronic Article Surveillance (EAS) tags, or the most commonly seen, QR codes.
A number given to any device within any system to allow the ability to interact with it.
A string of characters that unambiguously identifies a particular resource.