Data Protection Day, observed every 28th of January since 2007, marks an important milestone in privacy and data security. Initiated by the Council of Europe (distinct from the Council of the European Union), it was born out of a concerning insight: a survey revealed that 70% of European citizens were unclear about how their personal data was safeguarded. This date also honors the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, a significant event that took place on the same date in 1981. The convention’s aim is to ensure legal frameworks evolve in tandem with rapid technological advancements.
The gap between technological innovation and regulatory frameworks presents a persistent challenge to governments worldwide, a reality that is becoming increasingly evident with the advent of AI-based tools. As Information and Communication Technologies (ICTs) grow more sophisticated and the volume of personal data transmitted over the internet continues to soar, understanding the risks associated with sensitive data breaches becomes crucial. There’s an urgent need to adopt effective measures to safeguard the privacy and security of individuals, businesses, and government entities.
Cybersecurity, a priority in IoT
In this scenario, the relationship between IoT, cybersecurity and data protection is unavoidable. With billions of connected devices in the world, there are many physical applications that use user data for network authentication, payment management, and the transmission of location, biomedical parameters, health information or other sensitive data. We have become accustomed to the convenience of using contactless solutions, often through apps on our mobile phones, for routine tasks such as paying for a coffee at an unattended machine, charging an electric vehicle or riding a public eScooter. But entrusting so much information, and ultimately a great deal of power, so freely to the automated workings of a digital system should, at the very least, prompt us to engage in reflection and critical thinking at two levels of responsibility: as users and as companies.
As users, we must be aware of the potential risks from unauthorised exposure of our data, ranging from fraud to identity theft. As businesses and IoT professionals, we must deploy the necessary cybersecurity measures to prevent potential threats, identify cyber-attacks in real time and react to them effectively to avoid irreparable damage to the business in terms of reputation, revenue or even legal sanctions.
IoT cybersecurity starts at the connectivity level
An IoT system is made up of many layers that fulfil different functions and must each be properly secured. From the hardware to the software installed on the device and/or in the cloud, there are many elements that can offer potential entry points for cybercriminals. But if there is one layer that cuts across all the others and can affect all the cogs in the wheel, it is connectivity. To neglect the means by which devices communicate with each other or over the internet is to neglect the channels through which thousands of users’ data flows every second; IoT cybersecurity starts with making the right connectivity decisions.
As a result of this reality, the GSMA, as the authority responsible for setting the pace for the adoption of new mobile technologies, has designed the IoT SAFE standard, a set of cross-cutting measures aimed at securing end-to-end IoT device communications, relying on the SIM card as the root of trust. These measures involve all elements of the IoT system, from software to hardware to middleware, and of course also the SIM, through a specific applet for device authentication in the cloud. IoT SAFE provides a standardised framework for securing communications with an end-to-end approach.
To bridge the gap between technology’s rapid progress and legislative updates, authorities are actively creating regulations to better protect users in our interconnected world. At the European Union level, the Cyber Resilience Act aims to address two key challenges: reducing vulnerabilities in digital products and networks of connected devices, and increasing public awareness about cybersecurity. In parallel, the UK is advancing similar goals through its PSTI legislation, complementing the EU’s efforts to enhance digital security.
A full approach to IoT data protection: defend, detect and react
In this challenging scenario, with the responsibility it carries, companies in charge of devices that manage users’ personal data must take an active role in protecting their IT systems, and consider connectivity decisions from the very design of the project. Wireless Logic believes it is essential to work with a holistic approach to security that includes not only the protection of networks and devices, but also active listening to systems, and protocols designed to respond effectively to attacks and mitigate the technological, legal and economic impact of a potential security crisis.
Wireless Logic’s IoT security framework comprises sixteen provisions or measures to Defend IoT devices and systems, quickly Detect cyber threats and React effectively to attacks. In addition, Wireless Logic develops solutions that are compliant with the GSMA’s IoT SAFE standard and adapted to the demands of new regulations, which can give technology companies a significant competitive advantage, anticipating the evolution of the IoT market and laying the groundwork to protect their users’ personal and sensitive data.
Our IoT security experts are available to help you assess your current approach to IoT security, including processes, people, regulation and technology. Contact us today on 0330 056 3300 to discuss your current cybersecurity.