They are everywhere. They collect, analyze, send, and store data. And security?

Cameras, sensors, meters, smart devices. They are already in energy, transportation, healthcare, in small and large companies. Tiny IoT boxes can mean big problems. 

This new world brings many security challenges. Moreover, the long life cycle of robust operational technologies contrasts with the rapid development of IoT devices. 

Companies usually buy or develop IoT devices to bring new services, increase efficiency, automate routine processes, and ideally save costs. 

"The problem arises when an increasing number of IoT devices start to accumulate – from sensors through cameras, actuators to sophisticated devices in logistics or manufacturing. They were designed with an emphasis on compatibility and functionality, not security," says Rudolf Klein, product manager at Aliter Technologies. 

Here Rudolf Klein continues mercilessly in describing the environment. Devices have weak or no encryption of communication because the effort to make them "invisible" in the network could disrupt their compatibility. Regular users want simple installation, modern interfaces, and a visible sense of value for money spent, and here "boring security gives way to requirements." 

Moreover, manufacturers often stop supporting innovations after a few years and stop issuing security updates. And if they are available, the device is connected remotely and uses expensive data for updates. 

This means that the network often contains devices that are either at the edge of security policy or completely bypass it. However, they are connected to the same network as company computers, servers, internal systems, and databases including sensitive information data. 

In industrial systems, IoT devices are increasingly used as part of operational technologies. Both are often connected to the network, exposing them to cyber threats or they are carriers of vulnerabilities. A compromised IoT device can be an entry point for an attack on the entire system. 

Bohuš Levčík, a security specialist with more than two decades of experience in energy, gives an example – if a smart electric meter or a vibration sensor on a turbine does not have secured communication or is vulnerable, they can be misused as an entry point into the entire operational technology infrastructure. 

"To be honest, the topic of IoT security is still not perceived in its entire content spectrum in the corporate environment," says Bohuš Levčík. In larger companies, experts are aware of the risks associated with IoT, especially in critical infrastructures such as energy or industry. In small and medium-sized companies, IoT security is often underestimated. Measures exist, but they are often not systematic. 

And here too, the main problem remains the lack of experts who could properly evaluate IoT threats in an industrial environment. 

Cybersecurity professional Michal Legerský also points to a shift over recent years. "Many companies in the past focused more on IT environment security, and operations and IoT were rather perceived as something that is not attacked and therefore does not need to be protected as much. The current era unfortunately shows us that the opposite is true." 

The increased number of cyberattacks on IoT devices is related to their widespread use and implementation growth. The reason is mainly optimization and streamlining of machinery maintenance, which extends the operability and lifespan of production units and reduces costs. 

Here Michal Legerský boldly says that the media coverage of incidents and sharing experiences significantly helps raise awareness and it is necessary to continue doing so. 

Media coverage of attacks and the pressure of legislative changes cause enlightened company leadership to realize that cyber risks are not just an IT issue. "They have a direct impact on business continuity, reputation, and financial results," warns cybersecurity manager and consultant Viktória Blažíčková.

IoT devices are no longer just technical add-ons. The risk increases with their expansion, while their weak security can threaten not only the company itself but also the entire supply chain. 

Viktória Blažíčková therefore highly appreciates that cybersecurity is getting higher on the top management priority list. However, she considers it crucial that it becomes part of strategic decision-making, not just a response to incidents. 

Just as strict security measures are applied in operational technologies, they must also be implemented on IoT devices. The head of information security department at Volkswagen Slovakia, Marián Klačo, connects these two worlds here. 

Operational technologies have a much longer life cycle than IT technologies, are often outdated, and lack security knowledge is added to that. "Therefore, with the implementation of IoT security measures comes hand in hand the need to increase knowledge among teams managing operational technologies." 

The unmanaged combination of information and operational technologies can be exacerbated by the growing use of artificial intelligence. The interconnection of these three factors dramatically increases cybersecurity risks. "An attack on IT infrastructure can quickly spread to the operational technology environment, which can lead to production stoppage or equipment damage," describes the scenario cybersecurity expert Ivan Kopáčik. 

Systems that use AI can be misused for automated attacks or manipulation of decision-making. Unsecured AI models can be influenced by false inputs, which can lead to incorrect reactions in control processes.

In the global industry, we observe a dual trend - technological and personnel. "The implementation of post-quantum cryptography and AI-based security systems goes hand in hand with building specialized teams of cyber experts," adds Matej Michalko, Chairman of the Supervisory Board of the Critical Infrastructure Association of the Slovak Republic. Need to go further It is necessary to train teams that implement technologies and teams that take care of them about security requirements. This broad spectrum includes integrators, suppliers, planning department staff, and maintenance personnel. 

Already when introducing operational technologies or changing them, it is necessary to remember their security. For example, as part of deployment, doing a so-called hardening, which is something like strengthening the infrastructure and thinking about antivirus protection where appropriate. Here Marián Klačo again reminds the mantra for selecting operational technologies: Security by design.

• 96 percent of cyber attacks in 2024 exploited vulnerabilities that were known before and had updates available

• simulated attacks on healthcare facilities showed 71 percent of compromised devices due to vulnerabilities older than two years 

Source: Check Point Cyber Security Report 2025