An interesting statistic cited by Andrea Zapparoli Manzoni, one of the leading cyber security experts in Italy, invites a comparison with the state of the art of today's technologies: 85% of those who bought a car between 1900 and 1910 died in a road accident.

This is because, although cars already had powerful internal combustion engines, the braking systems were still the ones used for carriages, the wheel rims were made of wood, the roads were unpaved and, last but not least, there was no highway code (there were no seat belts or rear-view mirrors either, but I don't want to dwell on that).

The IoT (or Industry 4.0, or the industrial internet, whatever you want to call it) is the automobile of the 1900s: the engines are already very powerful, but the braking systems, the infrastructure and above all the culture lag far behind.

Let's go back to cars, but let's talk about today's cars: those who buy a small car in 2016 certainly do not question the fact that, of the 10,000 euros of total expenditure, about 5,000 are related to safety.

Would you ask the dealer to remove your seat belts or ABS system to save money? Obviously not, but even if it were possible, national and international regulations would prevent you from doing so.

The continuous and increasingly blatant cyber attacks of the last few months (San Francisco, Germany, England, etc.) were unthinkable, or at least improbable, until they were carried out: their targets are the victims of the accidents on the new road network, i.e. the Internet.

Until the various state and international bodies transform directives and regulations into legal norms, the only ones who will be saved will be the early adopters, i.e. those who, ahead of the others, treat it as a matter of common sense rather than a legal one.

The automation of cybercrime has led to the creation of systems which, by sniffing the network, find access points to other systems. The Internet of Things has made these access points practically infinite, and has connected them directly or indirectly to entire corporate architectures: the CEO's mobile phone is a potential access point, for the simple reason that father and son connect at home via the same WiFi.

The concept of "security by product" is no longer sufficient: there is no braking system that fits all cars. On the other hand, "security by design" is much more efficient.

So how should we act? First of all, you need to be sure you know your architecture in depth, identifying all potential access points to the system and the ways in which data is collected, archived and distributed.

A complete mapping of the system and an analysis of its traffic flows can be the way to detect any intrusions, anomalies or problems already in progress. It also lets you define the "rules of engagement" and the alarms, feedback and procedures that must be put into practice if those rules are broken.

Those who sell software solutions rarely issue a security certification for their product: partly because there are no laws requiring it, partly because a single platform is only one brick in the great wall that makes up the system architecture.

However, there are ways to test your system and certify it: the most authoritative certification at the moment is the Achilles Test, which was born in the oil & gas world and is now finding an audience in all sectors where there is a process.

Want to learn more about the Achilles Test? Do you want to better understand how to protect your systems and your architecture? Follow the links below.

Achilles Test

Cyber security by design