Cybersecurity and IoT: security in connected industries
The integration of IoT (Internet of Things) technology in industries is primarily responsible for creating Cyber-Physical Systems. These systems are composed of networked physical structures integrated with cyber components, sensors, and actuators. These elements interact in a process monitoring cycle, providing information to support human interventions that affect the operation of a specific machine or system.
The growing concern with cybersecurity is directly related to technological evolution and the integration of IoT systems in industry. This is because the combination of these elements broadens the attack surface for cybercriminals, creating opportunities for businesses to be targeted.
Cyberattacks, present in software-managed systems, have become more sophisticated since their inception, which propels the field of Cyber Physical Security (CPS). Cybersecurity aims to protect computer systems, applications, devices, and data against ransomware and other malware, phishing attacks, data theft, among other threats.
According to Sheilla Valverde, who holds a Master’s in Computer Engineering, Information Security and Intrusion Detection Mechanisms from UFP (Fernando Pessoa University) and a postgraduate degree in Cryptography and Cybersecurity, “to ensure security, it is necessary to devise a strategy that covers the seven cybersecurity layers. This encompasses both the digital and physical worlds.” The seven layers are:
- Physical layer: protects infrastructure against unauthorized access and physical damage
- Network layer: focuses on securing network communications, using firewalls and VPNs
- Perimeter layer: safeguards network boundaries, preventing external threats
- Endpoint layer: protects end-user devices against malware and other threats
- Application layer: employs secure development practices, penetration testing, and continuous monitoring
- Data layer: safeguards stored and in-transit data using encryption and access controls
- Human layer: includes user training and awareness programs
“Protection starts at the physical layer and ends at the application layer, with each being susceptible to different attacks. Therefore, security begins with the company’s physical structure and extends to task execution.” — Sheilla Valverde, postgraduate degree in Cryptography and Cybersecurity.
Industry Overview
Innovative IoT solutions are gaining increasing traction within factories and industrial plants, contributing to the pursuit of operational improvements. Despite the countless benefits, the adoption of these technologies is not occurring at the pace expected by the market. This is influenced by potential security issues that may arise if proper care is not taken.
Industries aim to connect all manufacturing areas to achieve performance improvement. However, in this process, it’s possible to encounter lines that use older technologies, resulting in a lack of standards. Thus, when implementing IoT systems, one may find challenges in maintaining end-to-end cybersecurity.
To address the issue of the difficult integration of legacy systems with new technologies, a McKinsey study (2017) suggests implementing new solutions. These can be based on the use of isolated networks, which operate independently, or through redundant sensors, which take control in case of failures.
Motivated by these challenges, many industries are internally developing their own solutions, aiming for integrated monitoring even with legacy systems. However, it is important to consider that this is a process that requires a high level of expertise, security knowledge, and continuous maintenance to create value. Often, the difficulty in incorporating cybersecurity-focused tools is due to the increased cost of solutions.
To change this scenario, IoT solutions should be developed with a focus on robust security applications that keep data transmission free from attacks, regardless of technological maturity. In this way, systems can be integrated without compromising security.
“Thinking about industry is thinking about cybersecurity and privacy. It is ensuring the proper functioning of operations, without errors and leaks.” — Sheilla Valverde, postgraduate degree in Cryptography and Cybersecurity.
IoT and Cybersecurity: the key to unlock results
According to McKinsey (2023), increasing cybersecurity in IoT systems is the key to unlock results. According to its survey, this union is the solution for the faster and smarter adoption of these technologies in the industry.
The use of IoT has been growing in manufacturing industries. Initially, its use was focused on individual points on the production line, but the scenario is changing, evolving to make the entire factory connected. Even with this positive change, IoT technology has untapped potential, especially considering cybersecurity as a must-have. The goal is a barrier-free experience, where devices are reliably connected without the need to compile authentications.
This ideal scenario is only possible through the convergence between IoT and cybersecurity, from design to implementation. In this context, the points to be considered when developing IoT applications for the industrial environment are interoperability, complexity of installations, and cybersecurity.
The benefits of this convergence are significant. Considering that the scenario tends to prioritize cybersecurity, multinationals would invest an average of 20 to 40 percent more in the installation of these technologies. By 2030, the IoT vendor market is expected to reach approximately $500 billion.
The importance of cybersecurity is increased by the interconnectivity between IT and operational technology within the IoT, especially in cases of critical data transmission. According to McKinsey, IoT application software and human-machine interfaces are the most vulnerable layers. Thus, it is necessary to consider a secure cyber-physical environment based on data privacy, confidential access, integrity, compliance, and resilience. Currently, cybersecurity tools act actively on devices, with the potential to expand to protect the entire IoT chain.
In short, the rise of cybersecurity in IoT devices results in the development of more integrated and fluid solutions. In addition to identifying cyber-attacks, these solutions are also able to block them.
Actions to increase cybersecurity
According to McKinsey (2023), the convergence mentioned in the previous section should occur in the architectural, parallel design, and software layers. In the architectural layer, secure code can be embedded in the code base at all technological layers (including firmware and hardware). In the parallel design layer, technology must be developed following the principle of “privacy by design”, covering everything from the platform to the cloud. Finally, integrated cybersecurity solutions can protect both hardware and software solutions.
Additionally, some cybersecurity practices to mitigate IIoT risks include:
- Secure authentication and access control: implement actions such as multi-factor authentication and role-based authorization to ensure only authorized use of IoT networks.
- Encryption: protect data traveling between IoT devices using encryption.
- Regular patch management: keep device firmware and software up to date with security patches to fix known vulnerabilities.
- Continuous monitoring: implement intrusion detection systems and continuous monitoring to identify anomalies that may indicate attack attempts.
- DDoS attack protection: practice DDoS protection measures, such as application firewalls and rate limiting, to prevent IoTs from being used as
- Regulatory compliance: ensure compliance with security regulations such as the LGPD and the IoT Cybersecurity Improvement Act.
Importance of structured cybersecurity
For companies developing IoT technologies, in addition to regulatory compliance, it is possible to pursue voluntary compliance standards to further strengthen cybersecurity. An example is SOC 2, developed by the American Institute of Certified Public Accountants (AICPA). Although not mandatory, conforming to SOC 2 demonstrates that those responsible have adequate internal controls for security, availability, processing integrity, confidentiality and privacy. This is an important competitive differentiator, as SOC 2 certificates must always be kept up to date, with practices adapted as technology evolves.
In addition, this type of certification ensures compliance with international standards, indicating robustness to serve industries in various sectors at scale. Similarly, it takes in-house expertise to understand and implement compliance requirements, which are complex. This knowledge prevents failures in the implementation and maintenance of these standards.
In the context of IoT technology providers, having these certifications means offering a service that reduces risk and increases operational efficiency. For industries, it is key because it ensures the privacy of sensitive data and strengthens a culture of security.
“To provide IoT solutions, it is necessary that those who develop them become aware of the importance of security, and, above all, that they already grow and develop well-established security policies. From this, it is possible to see the next steps, identify what needs to improve; it is a process of continuous improvement.” — Sheilla, postgraduate degree in Cryptography and Cybersecurity.