ChannelLife New Zealand logo
Industry insider news for New Zealand's technology resellers
Story image

NZ pours billions into IoT - so what are we doing to secure it?

By Sara Barker
Wed 10 Nov 2021

The internet of things (IoT), broadly defined, comprises devices and sensors that connect to a service or network through the internet. 

 IoT is built into everyday consumer and business devices like wearables, security cameras, and temperature sensors. One look on eBay will reveal billions of devices from legitimate companies like Google or Apple and a lot of stealth brands that tend not to attract much attention.

IoT is a big deal in terms of its economic impact. In 2018, analyst firm Gartner predicted that there would be 25 billion 'connected things' by 2021. Of course, nobody knows if IDC was right, but what we do know is that IoT is big business. 

New Zealand's part in IoT evolution

Analyst firm IDC predicted in July that IoT spending in Australia and New Zealand alone could reach NZ$20 billion by the end of 2021. And it's clear why. Mobile networks are becoming more powerful - 5G is reaching mass saturation. Satellite and fibre broadband are both more reliable and faster than ever before. As a result, new Zealand is going all-in on IoT innovation. For example:

  • Māori dairy company Miraka, located in South Waikato, uses digital microwave radio to transmit voice and data to and from its Mokai dairy plant half an hour from Taupō. Why? Because copper networks are slow, fibre can still be prohibitively expensive to roll out in rural areas
  • Nelson-based supply chain firm Core Transport Technologies used Bluetooth-based real-time air cargo tracking for Air New Zealand
  • Greater Wellington Regional Council uses IoT for water quality monitoring 
  • Energy providers will often install smart meters in meter boxes
  • Christchurch City Council uses seismic sensors for earthquake resilience

From the commercial side, Spark also has a dedicated 'Innovation Studio' that showcases emerging and market-ready use cases for IoT and 5G.  It helps businesses explore the possibilities via ideation, co-creation, testing and workshops. The company also stocks products from vendors like Blackhawk and Netvox.

Spark IoT lead Tony Agar says its IoT business offerings have grown over the last four years as local businesses explore using tech to improve efficiency, productivity, and sustainability. When we asked Tony Agar to explain how Spark selects vendors, his response was straightforward - it's all about what works for its customers.

"Before we put a product to market, we also do a lot of testing of the hardware and undertake due diligence to ensure a new vendor is good at working collaboratively," says Agar.

Technology distributor Ingram Micro takes a similar approach to IoT. Business manager of Networking & IoT, Steve Blackmore, says that IoT comprises sensors, gateways, connectivity and platforms all tied together as a solution that creates, communicates, and analyses data.

"An IoT solution is the sum of its parts, so our approach is to work backwards from the desired outcome to provide end-to-end secure IoT solutions. So we research potential vendors and ascertain the best fit based on hardware quality, breadth of their portfolio, and the ability to integrate. Our vendor partners are best-of-breed manufacturers that fit our uniquely New Zealand requirements."

So Spark and Ingram Micro say they're committed to working with reputable vendors. But are they - and their customers - paying enough attention to IoT security?

IoT: A security conundrum

Trace the supply chain from any IoT device back far enough, and there is an often unspoken element of 'trust' in the security of the hardware, networks and software.

IoT Alliance spokesperson Vimal Kumar says that the range of IoT devices is massive, as is the security built within them. Add in factors like how and where those devices are being used, quickly becoming a recipe for targeted cyber attacks. Additionally, attackers can leverage these IoT devices for different purposes. 

Kumar explains, "Primarily, with IoT devices, we see two types of attacks; ones that target the user's data collected by the devices and ones that target the device itself to gain access to the network in which the device operates.

"IoT devices generate and store a large amount of data either on the device or in the cloud. This could be the data a device is generating (such as the commands you give to Google Home or the video captured by a webcam) or the user's account information or credit card information, etc. All of this is of some value to an attacker and a vulnerable IoT device is one way to reach it."

Botnets, which are essentially an army of compromised devices, can also be used to take down websites and other devices on the internet. For example, the Mirai malware is one of the most well-known botnets, targeting Linux-based devices like routers and home surveillance cameras and turning them into an army of bots that conduct distributed denial of service (DDoS) attacks. Attackers can also steal data from IoT devices, use them to gain access into more complex networks, and they could potentially use devices to spy on unsuspecting users.  

"Any vulnerable device can potentially become a bot for an attacker, however, IoT devices are especially at risk because we are at a very early stage in terms of IoT maturity," adds Kumar.

A 2021 report from Kaspersky showed more than 1.5 billion IoT device breaches in the first half of the year alone.

Devices are typically compromised because:

  • Manufacturers do not embed security into their devices
  • Security updates are few and far between (if there are updates at all)
  • Ports are left exposed
  • Users don't change default usernames and passwords on devices
  • Internet-connected networks are compromised (IoT devices operate on these networks).

Another April 2021 report from global technology firm Thales says there are six main IoT security challenges: Weak password protection, lack of regular patches and updates and weak update mechanism; insecure interfaces; Insufficient data protection; poor IoT device management; and the IoT skills gap.

These risks are not enough to stem the circulation of IoT devices in global and local markets. While nothing can stop someone from ordering a security camera from China (except, perhaps Customs), what about the devices currently available in New Zealand?

Spark's Tony Agar says that when Spark provides connectivity to its customers, it understands what kinds of security customers need. The company then designs network services to meet security needs. 

"Once the service is up and running, Spark monitors all devices on our networks for abnormal behaviour and will proactively engage with customers when non-standard network events are observed to ensure fixes are undertaken (and to ensure the network remains stable)."

Over at Ingram Micro, the company believes security is everyone's ability, particularly within commercial IoT.

Blackmore says, "Manufacturers are responsible for building their products as securely as possible and providing firmware updates over time to ensure those devices remain secure. Distributors, resellers, and service providers have a duty of care to design solutions that protect the customer's data and data infrastructure. Security is not a product, it is a mandatory feature, acquired by deliberate design, and included in every data creation, communication, analysis, and storage solution."

Ingram Micro's approach determines the different areas in which a device or solution can be secured.
 
"LoRaWAN for example, is secure by design with authentication and end-to-end encryption being mandatory as part of the standard. Similarly, any network based IoT data whether ethernet, BLE or wireless is secured by Zero-Trust and SASE mechanisms from our existing networking and security vendors."

Ingram Micro states that its IoT solutions are secure by design, so it also ensures that New Zealand businesses operating within the technology channel are aware and educated about different security mechanisms, so they can then make sure their customers are educated. On top of that, the company can provide additional layers of security via a third-party network, data and security vendors.

Dealing with IoT vulnerabilities

Despite protections put in place by manufacturers, distributors, resellers, and us at home, vulnerabilities will remain a significant security challenge. According to stack.watch, there have been 17,145 published vulnerabilities this year, and the number will continue to climb. Of course, not all of those vulnerabilities will involve IoT devices, but they do underscore an essential point: vulnerabilities are an inevitable part of life. Not every device or network can remain secure all the time.

Touching on Spark's approach to security vulnerabilities, Agar says, "We work with vendors when device issues are observed to get them resolved. Typically we do this as part of the Permit to Connect process so we know devices when on our networks will operate in line with the GSMA industry device standards. When a device deviate from standard behaviour, we work with vendors to understand and address the issue."

Ingram Micro's Steve Blackmore says vendor agreements have mechanisms in place to deal with vulnerabilities.

"Our vendors are required to represent and warrant that their products don't contain harmful code and meet information warranties. Should a vulnerability be discovered, Ingram Micro will work with the vendor to assist in any relevant remedial work such as advertisement of new firmware required, or product recall with the vendor contractually obliged to assist with relevant authorities."

Both Spark and Ingram Micro have steps in place to deal with vulnerabilities, and both consider security a priority from the beginning. It is fortunate that such high-profile companies are committed, but will everyone sing to the same tune?

When we reached out to retailer Noel Leeming, we did not get a response. A few other technology retailers also declined to participate. It was similarly difficult to encourage IoT manufacturers to present their thoughts. The absence of manufacturers and retailers from this story certainly leaves much to be desired when looking at the overall approach to IoT in New Zealand. 

It is clear that IoT security is not an afterthought, but it is something that legislation is struggling to keep up with. For example, there is little to no protection if an IoT device sold in New Zealand is involved in a breach. Under the Privacy Act 2020, an organisation with a presence in New Zealand must notify the Office of the Privacy Commissioner in the event of a breach. In addition, the Consumer Guarantees Act mandates that those in trade cannot mislead or deceive consumers - this includes misleading people about the security of a product. 

Suppose the IoT opportunities for New Zealand's commercial sectors like agritech are as important to the Government as its industry policies suggest. In that case, there needs to be more public discourse about how we secure a technology that many industries may come to depend on for their business - and New Zealand's economy..

Public Interest Journalism Fund logo
Public Interest Journalism funded through NZ On Air.
Related stories
Top stories
Story image
New Zealand
2degrees announces appointments to newly established board
2degrees has announced Liz Coutts as the board chair, while Russell Stanners and Kathy Meads join her as directors.
Story image
Web application firewall
Radware recognised in KuppingerCole’s 2022 Leadership Compass report
Radware has been named a Product, Innovation, Market and Overall Leader in the 2022 KuppingerCole Leadership Compass report for Web Application Firewalls.
Story image
Financial results
Jade Software’s plan to get back to surplus in 2022
Jade Software has released its latest financial report, revealing that the company has kept its loss low from $567,000 in FY 2020 to just $153,000 in FY 2021.
Story image
Document Management
TrustRadius gives M-Files two document management awards
TrustRadius has recognised M-Files with both a 2022 Best Feature Set and a 2022 Best Relationship award in document management.
Story image
SaaS
Claroty launches new cloud-based industrial cybersecurity platform
The company says Claroty xDome is the industry's first solution to deliver the ease and scalability of SaaS without compromising on visibility, protection, and monitoring controls.
Story image
Tether
Ricoh and NZ tech company Tether initiate new reseller partnership
A new reseller partnership between Ricoh and NZ tech company Tether will focus on monitoring, hybrid work and air quality solutions.
Story image
Cloud
Pax8 acquires NZ cloud company Umbrellar
Pax8 has recently acquired New Zealand cloud company Umbrellar in a move that will expand Pax8's footprint in the region and empower its fast-growing partner base.
Story image
Gaming
Hands-on review: SteelSeries Apex Pro Mini Keyboard
SteelSeries has taken the design of its range of Apex keyboards to create a smaller version, the Apex Pro Mini. Techday’s Darren Price checks it out.
Story image
Microsoft
SaaS sector in NZ thriving as a result of trans -Tasman partnerships
New Zealand's Software-as-a-Service (SaaS) sector is on track to be the biggest contributor to GDP this year, generating more than NZD$20 billion for the New Zealand economy.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Ernst & Young
Ernst & Young NZ acquires tech firm Q4 Associates
Effective from today, the Q4 Associates addition will impact significant areas of EY’s working operations, particularly in the financial sector.
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
Mergers and Acquisitions
Netskope acquires Infiot, delivers integrated SASE platform
Converged SASE platform provides AI-driven zero trust security and simplified, optimised connectivity to any network location or device, including IoT.
Story image
Enterprise
Fortinet reports second quarter 2022 financial results
“We delivered strong revenue and billings growth in the second quarter driven by an increase in the number of transactions larger than one million dollars."
Story image
Cloud
Microsoft and Auckland Transport announce new cloud agreement
Auckland Transport (AT) and Microsoft have announced a new cloud agreement aimed at promoting innovation, reducing costs and improving sustainability in transport services.
Story image
Report
Westcon NZ posts $19.1 million YOY revenue increase - report
Westcon NZ has released its latest financial report, showing the company has increased its revenue by $19,119,905 in the last financial year.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
SAP
OutSystems joins SAP PartnerEdge program, integrates solutions
OutSystems has become an official member of the SAP PartnerEdge program. This will make it easier for other businesses within the SAP ecosystem to discover and connect with OutSystems.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
i-PRO
VisualCortex and i-PRO partner for enhanced APAC deployments
VisualCortex and i-PRO have partnered to facilitate enterprise-wide Computer Vision technology deployments in APAC.
Story image
Gaming
Chorus announces Hyperfibre sponsorship deal with NZ Esports
Chorus has put its support behind New Zealand's Esports community with a newly announced three-year Hyperfibre sponsorship deal with NZ Esports.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Firewall
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Product Management
TeamViewer and Siemens to innovate product lifecycle space with AR
TeamViewer's new partnership with Siemens Digital Industries Software to bring the power of TeamViewer's AR platform, Frontline, to Siemen Teamcenter software.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
Financials
Google NZ numbers show strong comprehensive profit increase
The latest financial report from Google New Zealand Limited has revealed an increase in total comprehensive profit of over $NZD 7 million.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
Financial results
Facebook NZ financial report reveals notable revenue increase
Revenue from contracts with customers increased by $NZD 1,089,292 compared to 2020's figures.
Story image
Identity and Access Management
Pitney Bowes launches rebranded digital visitor management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
Revenue
IBM NZ sees significant revenue increase in latest report
IBM NZ has posted revenue of $172,449,000 for the financial year, according to its latest report, a year-over-year increase of over $47.5 million compared to $124,904,000 in 2020.
Story image
Toshiba NZ
Toshiba's New Zealand Branch sees profit decline - report
Toshiba Australia's New Zealand Branch have released their latest financial reports, showing the company’s total revenue from contracts with customers has grown by $6,926,000 in Australia.
Story image
Customer
OfficeMax NZ sees significant growth through Seismic partnership
OfficeMax New Zealand has announced it has seen a significant increase in customer and sales confidence as a result of Seismic’s digital enablement software.
Story image
Phishing
Norton research finds NZ threat landscape diversifying on social media
Norton's quarterly report has highlighted the seriousness of the threat landscape in New Zealand.
Story image
Apple
2degrees unveils eSIM functionality for selected devices
2degrees has enabled eSIM functionality to work with a variety of Apple, Samsung and Oppo devices, including a range of iPads.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
Sales
BNZ launches first tap-on-phone point of sale app in NZ
Bank of New Zealand has launched BNZ Pay, an innovative mobile app for retailers that transforms an Android device into a contactless payment terminal. 
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.