eCommerce News New Zealand logo
The latest digital commerce news for Kiwi businesses
Story image

NZ pours billions into IoT - so what are we doing to secure it?

By Sara Barker
Wed 10 Nov 2021

The internet of things (IoT), broadly defined, comprises devices and sensors that connect to a service or network through the internet. 

 IoT is built into everyday consumer and business devices like wearables, security cameras, and temperature sensors. One look on eBay will reveal billions of devices from legitimate companies like Google or Apple and a lot of stealth brands that tend not to attract much attention.

IoT is a big deal in terms of its economic impact. In 2018, analyst firm Gartner predicted that there would be 25 billion 'connected things' by 2021. Of course, nobody knows if IDC was right, but what we do know is that IoT is big business. 

New Zealand's part in IoT evolution

Analyst firm IDC predicted in July that IoT spending in Australia and New Zealand alone could reach NZ$20 billion by the end of 2021. And it's clear why. Mobile networks are becoming more powerful - 5G is reaching mass saturation. Satellite and fibre broadband are both more reliable and faster than ever before. As a result, new Zealand is going all-in on IoT innovation. For example:

  • Māori dairy company Miraka, located in South Waikato, uses digital microwave radio to transmit voice and data to and from its Mokai dairy plant half an hour from Taupō. Why? Because copper networks are slow, fibre can still be prohibitively expensive to roll out in rural areas
  • Nelson-based supply chain firm Core Transport Technologies used Bluetooth-based real-time air cargo tracking for Air New Zealand
  • Greater Wellington Regional Council uses IoT for water quality monitoring 
  • Energy providers will often install smart meters in meter boxes
  • Christchurch City Council uses seismic sensors for earthquake resilience

From the commercial side, Spark also has a dedicated 'Innovation Studio' that showcases emerging and market-ready use cases for IoT and 5G.  It helps businesses explore the possibilities via ideation, co-creation, testing and workshops. The company also stocks products from vendors like Blackhawk and Netvox.

Spark IoT lead Tony Agar says its IoT business offerings have grown over the last four years as local businesses explore using tech to improve efficiency, productivity, and sustainability. When we asked Tony Agar to explain how Spark selects vendors, his response was straightforward - it's all about what works for its customers.

"Before we put a product to market, we also do a lot of testing of the hardware and undertake due diligence to ensure a new vendor is good at working collaboratively," says Agar.

Technology distributor Ingram Micro takes a similar approach to IoT. Business manager of Networking & IoT, Steve Blackmore, says that IoT comprises sensors, gateways, connectivity and platforms all tied together as a solution that creates, communicates, and analyses data.

"An IoT solution is the sum of its parts, so our approach is to work backwards from the desired outcome to provide end-to-end secure IoT solutions. So we research potential vendors and ascertain the best fit based on hardware quality, breadth of their portfolio, and the ability to integrate. Our vendor partners are best-of-breed manufacturers that fit our uniquely New Zealand requirements."

So Spark and Ingram Micro say they're committed to working with reputable vendors. But are they - and their customers - paying enough attention to IoT security?

IoT: A security conundrum

Trace the supply chain from any IoT device back far enough, and there is an often unspoken element of 'trust' in the security of the hardware, networks and software.

IoT Alliance spokesperson Vimal Kumar says that the range of IoT devices is massive, as is the security built within them. Add in factors like how and where those devices are being used, quickly becoming a recipe for targeted cyber attacks. Additionally, attackers can leverage these IoT devices for different purposes. 

Kumar explains, "Primarily, with IoT devices, we see two types of attacks; ones that target the user's data collected by the devices and ones that target the device itself to gain access to the network in which the device operates.

"IoT devices generate and store a large amount of data either on the device or in the cloud. This could be the data a device is generating (such as the commands you give to Google Home or the video captured by a webcam) or the user's account information or credit card information, etc. All of this is of some value to an attacker and a vulnerable IoT device is one way to reach it."

Botnets, which are essentially an army of compromised devices, can also be used to take down websites and other devices on the internet. For example, the Mirai malware is one of the most well-known botnets, targeting Linux-based devices like routers and home surveillance cameras and turning them into an army of bots that conduct distributed denial of service (DDoS) attacks. Attackers can also steal data from IoT devices, use them to gain access into more complex networks, and they could potentially use devices to spy on unsuspecting users.  

"Any vulnerable device can potentially become a bot for an attacker, however, IoT devices are especially at risk because we are at a very early stage in terms of IoT maturity," adds Kumar.

A 2021 report from Kaspersky showed more than 1.5 billion IoT device breaches in the first half of the year alone.

Devices are typically compromised because:

  • Manufacturers do not embed security into their devices
  • Security updates are few and far between (if there are updates at all)
  • Ports are left exposed
  • Users don't change default usernames and passwords on devices
  • Internet-connected networks are compromised (IoT devices operate on these networks).

Another April 2021 report from global technology firm Thales says there are six main IoT security challenges: Weak password protection, lack of regular patches and updates and weak update mechanism; insecure interfaces; Insufficient data protection; poor IoT device management; and the IoT skills gap.

These risks are not enough to stem the circulation of IoT devices in global and local markets. While nothing can stop someone from ordering a security camera from China (except, perhaps Customs), what about the devices currently available in New Zealand?

Spark's Tony Agar says that when Spark provides connectivity to its customers, it understands what kinds of security customers need. The company then designs network services to meet security needs. 

"Once the service is up and running, Spark monitors all devices on our networks for abnormal behaviour and will proactively engage with customers when non-standard network events are observed to ensure fixes are undertaken (and to ensure the network remains stable)."

Over at Ingram Micro, the company believes security is everyone's ability, particularly within commercial IoT.

Blackmore says, "Manufacturers are responsible for building their products as securely as possible and providing firmware updates over time to ensure those devices remain secure. Distributors, resellers, and service providers have a duty of care to design solutions that protect the customer's data and data infrastructure. Security is not a product, it is a mandatory feature, acquired by deliberate design, and included in every data creation, communication, analysis, and storage solution."

Ingram Micro's approach determines the different areas in which a device or solution can be secured.
 
"LoRaWAN for example, is secure by design with authentication and end-to-end encryption being mandatory as part of the standard. Similarly, any network based IoT data whether ethernet, BLE or wireless is secured by Zero-Trust and SASE mechanisms from our existing networking and security vendors."

Ingram Micro states that its IoT solutions are secure by design, so it also ensures that New Zealand businesses operating within the technology channel are aware and educated about different security mechanisms, so they can then make sure their customers are educated. On top of that, the company can provide additional layers of security via a third-party network, data and security vendors.

Dealing with IoT vulnerabilities

Despite protections put in place by manufacturers, distributors, resellers, and us at home, vulnerabilities will remain a significant security challenge. According to stack.watch, there have been 17,145 published vulnerabilities this year, and the number will continue to climb. Of course, not all of those vulnerabilities will involve IoT devices, but they do underscore an essential point: vulnerabilities are an inevitable part of life. Not every device or network can remain secure all the time.

Touching on Spark's approach to security vulnerabilities, Agar says, "We work with vendors when device issues are observed to get them resolved. Typically we do this as part of the Permit to Connect process so we know devices when on our networks will operate in line with the GSMA industry device standards. When a device deviate from standard behaviour, we work with vendors to understand and address the issue."

Ingram Micro's Steve Blackmore says vendor agreements have mechanisms in place to deal with vulnerabilities.

"Our vendors are required to represent and warrant that their products don't contain harmful code and meet information warranties. Should a vulnerability be discovered, Ingram Micro will work with the vendor to assist in any relevant remedial work such as advertisement of new firmware required, or product recall with the vendor contractually obliged to assist with relevant authorities."

Both Spark and Ingram Micro have steps in place to deal with vulnerabilities, and both consider security a priority from the beginning. It is fortunate that such high-profile companies are committed, but will everyone sing to the same tune?

When we reached out to retailer Noel Leeming, we did not get a response. A few other technology retailers also declined to participate. It was similarly difficult to encourage IoT manufacturers to present their thoughts. The absence of manufacturers and retailers from this story certainly leaves much to be desired when looking at the overall approach to IoT in New Zealand. 

It is clear that IoT security is not an afterthought, but it is something that legislation is struggling to keep up with. For example, there is little to no protection if an IoT device sold in New Zealand is involved in a breach. Under the Privacy Act 2020, an organisation with a presence in New Zealand must notify the Office of the Privacy Commissioner in the event of a breach. In addition, the Consumer Guarantees Act mandates that those in trade cannot mislead or deceive consumers - this includes misleading people about the security of a product. 

Suppose the IoT opportunities for New Zealand's commercial sectors like agritech are as important to the Government as its industry policies suggest. In that case, there needs to be more public discourse about how we secure a technology that many industries may come to depend on for their business - and New Zealand's economy..

Public Interest Journalism Fund logo
Public Interest Journalism funded through NZ On Air.
Related stories
Top stories
Story image
Customer experience
Research unveils precarious customer loyalty for retailers
New research has found customers are reassessing established brand loyalties as their priorities and behaviours shift.
Story image
First Table
First Table set to revive restaurant commerce in NZ with platform launch
A new restaurant booking platform has launched in New Zealand, giving Kiwi diners the opportunity to save and book at a variety of restaurants around the country.
Story image
Lightspeed
Lightspeed launches all-in-one marketing platform in A/NZ
ECommerce provider, Lightspeed has launched a new all-in-one marketing solution, Lightspeed Marketing & Loyalty in Australia and New Zealand.
Story image
CRM
Zendesk announces new conversational CRM solutions
“The last few years have made it obvious that digital is the front door, convenience is paramount and relationships are anchored in conversations."
Story image
Gaming
Mastercard users can now use rewards points in gaming
Mastercard has launched Mastercard Gamer Xchange (MGX), allowing APAC consumers to convert their rewards points into gaming currency.
Story image
Remote Working
Better tech key to adapting to the hybrid workplace - Adobe
The shift to hybrid work has been a boon for many information workers, but also comes with its share of challenges, particularly with regards to technology.
Story image
SAS
New SAS service overcomes subscription fatigue for media companies
SAS has launched SAS 360 Match which helps media companies move towards a AVOD model to generate revenue as subscribers cancel.
Story image
Esker
Esker named Challenger in 2022 Gartner Magic Quadrant
Esker has been named a Challenger in the 2022 Gartner Magic Quadrant for Integrated Invoice-to-Cash Applications.
Story image
Sustainability
The AI Forum helps NZ pave the way with AI sustainability practices
Non-profit organisation The AI Forum is helping Kiwis learn about addressing climate change issues through the use of AI technology.
Story image
Chorus
Chorus enhances West Coast infrastructure for upgraded telecoms
Chorus has announced the completion of a 250km infrastructure project set to provide the West Coast with upgraded and enhanced telecommunications.
Story image
Adyen
Adyen expands partnership with Afterpay as BNPL payments increase
Adyen has expanded its partnership with AfterPay allowing more of Adyen’s merchants in more countries worldwide to use the BNPL provider.
Story image
Fintech
Incumbent banks must embrace data-centric capabilities
Retail banks are lagging in their ability to offer true omnichannel experiences, as customers pivot to competitors that offer more personalised experiences.
Story image
IBM
Vodafone extends collaboration with IBM, MATRIXX Software
"To realise the promise of 5G, decisions need to be made with the right technology solutions, skills and support to execute and succeed."
Story image
Customer experience
Dell Technologies expands edge innovations for retailers
Dell Technologies has announced the expansion of its edge solutions to help retailers quickly generate more value and deliver enhanced customer experiences.
Story image
Microsoft
Spark launches Microsoft Dynamics 365 upgrade across enterprise
Spark and Microsoft NZ have recently collaborated to launch Microsoft Dynamics 365 across the entire Spark business enterprise.
Story image
Mobility
Hands-on review: STM laptop bags
The advent of hybrid working has meant we need laptop bags. We got our hands on two of the most popular laptop bags from STM.
Story image
Amazon Web Services / AWS
AWS granted OIO consent for billion dollar NZ Region project
AWS has announced that the Overseas Investment Office (OIO) has granted consent for the advancement of the new billion-dollar AWS Asia Pacific (Auckland) Region project.
Story image
Climate change
Record growth for NZ startups as conscious investment trend emerges
New Zealand has a reputation for efficiency and innovation, and has strong potential to be a leader in climate tech.
Story image
Fintech
Visa chooses NZ startup for APAC Accelerator Programme
Visa has selected New Zealand payments startup Cymonz for the 2022 cohort of its Visa Accelerator Programme in Asia Pacific.
Story image
SaaS
Forrester Research names BigCommerce a Strong Performer
BigCommerce has announced it has been named a Strong Performer by Forrester Research in both the Forrester Wave: B2C Commerce Solutions, Q2 2022 and the Forrester Wave: B2B Commerce Solutions, Q2 2022 reports.
Story image
CRM
Freshworks launches new CRM with Shopify availability
Freshworks has launched a new customer relationship management (CRM) solution, which has also been made available on the Shopify apps store.
Story image
Marketplacer
Marketplacer and True Woo partner for wellness marketplace
Marketplacer has announced the completion of a new holistic online marketplace for True Woo, offering a range of products and services targeted at individuals seeking ways to improve their wellbeing.
Story image
Sustainability
Hootsuite 2021 Impact Report shows workforce more diverse
Hootsuite has released its annual 2021 Impact Report detailing the results of its social impact initiatives following the launch of its corporate guiding principles.
Story image
Customer experience
8x8 and Genesys collaborate on customer service solution
With the new integration, organisations can align agents and the appropriate subject matter experts to collaborate for better customer outcomes.
Story image
Machine Learning
Moloco launches updates to Cloud Demand-Side Platform
The latest updates focus on improving performance through intelligent budget allocation, automating workflows through smart campaign UI/UX, and ad creation.
Story image
Artificial Intelligence
SAS unveils AI experience to improve kids' batting abilities
SAS has created The Batting Lab, an interactive experience using AI, computer vision and IoT analytics to help kids improve their baseball and softball swings.
Story image
Network Management
Vodafone, Anodot to transform network, customer experience
Vodafone New Zealand has chosen Anodot to transform its network performance visibility and improve customer experiences.
Story image
Forrester
commercetools named a Leader in B2B Forrester report
commercetools has been named a Leader in The Forrester Wave: B2B Commerce Solutions, Q2 2022 report, receiving the highest scores possible in 10 criteria.
Story image
HP New Zealand
HPE NZ sees $8 million decline in latest financial report
HPE New Zealand has seen a decline of over NZD$8 million in the sale of its goods year-over-year, according to its latest financial report.
Story image
Phishing
Retail and wholesale at significant risk of phishing attacks
New research from Zscaler has found that many retail and wholesale environments are at significant risk, with a 400% increase in phishing attacks being reported in the last 12 months.
Story image
Artificial Intelligence
Laybuy launches new AI chatbot Hugo using Ambit tech
Laybuy partners with fellow New Zealand company Ambit to launch conversational AI in a bid to support its international growth.
Booster
Booster Innovation Fund. A fund of Kiwi ingenuity – for Kiwi investors.
Link image
Story image
Xero
More solutions updates and developments from Xero announced
Xero has announced a raft of new globally available solutions, features and product updates for the month of May, along with future developments soon to be rolled out.
Story image
Open banking
A look at the rewards and risks of open banking - report
RiskBusiness says its report on open banking finds that while it holds much potential, financial services firms need to ensure they have robust, risk processes.
Story image
Veryfi
Veryfi announces Mobile Receipt Capture for D2C marketing apps
Veryfi has announced a new enhancement to its portfolio, with Mobile Receipt Capture for direct-to-consumer marketing apps.
Story image
Collaboration
Is video technology the future of retail?
The way we hunt for and buy products has forever changed with innovative technology designed to take customers from their initial curiosity through to purchase
Story image
Cryptocurrency
Prominent cryptocurrency trader hit by 'perfect storm'
A leading local crypto currency trading platform, BitPrime, says a "perfect storm" has hit its finances, forcing it to put a halt on operations.
Story image
Microsoft
FIS Modern Banking Platform now available on Microsoft Azure
FIS says the partnership will expand its digital online banking to markets like New Zealand, the United Kingdom and Thailand
Story image
Phishing
Google reveals new safety and security measures for users
Google's new measures include automatic two step verification, virtual cards and making it easier to remove contact information on Google Search results.
Story image
CRM
Salesforce launches AI-based insights with CRM Analytics
Salesforce announces CRM Analytics, AI-based insights for sales, marketing, and service teams in every industry.
Story image
Collaboration
Zoom announces CX innovations for 'work anywhere' workforce
Zoom Video Communications has unveiled its latest innovations in the Zoom platform to help businesses improve customer and employee experiences.
Story image
Amazon Web Services / AWS
Databricks strengthens AWS partnership with new Lakehouse offering
Customers will experience faster onboarding and unified account administration to make building a Databricks Lakehouse on AWS easier.
Story image
Pinterest
Pinterest partners with WooCommerce and launches app
The new app gives businesses of all sizes the power to turn their product catalogues into shoppable product pins on Pinterest
Story image
Customer experience
Digital insight through UCaaS to improve customer experience
One of the most quoted adages in business is "if you can't measure it, you can't manage it" this has been a long-held problem in telephony and customer service.