The ever-expanding Internet of Things (IoT) continues to grow unabated. Simple everyday items are becoming connected to the Internet. Potted plants are now able to tell you if they are too cold or thirsty and can automatically adjust the room temperature or water themselves. I can only imagine what the original Luddites would think.

The ability to remotely monitor, control and change your work environment is also an evolving and improving capability. The first vestiges of a smart office appeared when printers and copiers became part of the network, but with the convergence of Internet, cellular networks, Wi-Fi and Bluetooth technologies, nearly anything can be at your fingertips. The workplace is now smart.

All This Neat Stuff

Items encompassed by the IoT are, by definition, limitless. Computers, printers and mobile devices have been connected for some time. However, many items not normally part of a network are now Internet-enabled in an office setting. These include security cameras, door locks, motion sensors, window blinds, power outlets, vending machines, scales, trash cans, robotic vacuums, light bulbs, heating and air conditioning systems, thermostats and the aforementioned plant pots.

The rationale behind the smart office, smart store or smart factory is to improve productivity, control costs, facilitate inventory management, allow remote monitoring and diagnosis of equipment and even reduce the need to perform mundane functions (like watering the plants). The components within a smart office are capable of exchanging information automatically, communicating with nodes on different networks and interacting with cognitive computing systems. This allows you to control the environment.

Unintended Consequences

As the saying goes, “It’s all fun and games until someone loses an eye.” The smart office has value, but it also has unintended consequences. The multitude of networked components allows attackers to have an expanded attack landscape. And many of the devices are not designed to resist attacks. Why would I need to protect my potted plant? The reality is that, when networked, the IoT components can offer attackers a window to access the enterprise’s network. A smart office can be an attacker’s buffet.

The initial entry point for at least one high-profile data breach was via an HVAC system. In 2012, the FBI issued a report explaining how a company was breached via the Internet-connected HVAC controls. Researchers have also demonstrated that they can access systems in one facility from a network-connected IoT device in another facility. That ability to access systems is a legitimate function. If you are using a device to monitor inventory, for example, devices are designed to communicate with the inventory control management system. Cybercriminals can take advantage of legitimate access to create illicit connections.

Smart on Security, Too

Securing IoT devices has been a hot topic as of late, but most of the news has been tied to the hacking of connected automobiles. This is interesting and valuable research, especially for the safety of the passengers, but an automobile is only one thing. The real concern arises when many things are networked together, and those things can trace a route to an enterprise’s valuable data, disrupt its supply chain and impact productivity in a big way.

It is imperative that IoT devices be smart on security, but also for the whole infrastructure be robust. There are certain ingredients for IoT security: Many are simple and standard security practices that need to be enforced in a smart office, and others require additional diligence by IoT device manufacturers.

Manufacturers have to realize that their interesting IoT device has to be sturdy not just to ensure functionality, but also to provide security. Operating systems must be trustworthy, and the software must be designed using best practices, which include application code scanning. Flaws will eventually be discovered, so there must be mechanisms designed to update flawed or vulnerable software.

How to Foster Smart Office Security

To enable smart security, the organization has a responsibility to ensure devices are authenticated, to operate under the principle of least privilege and to implement network segmentation. IoT network security protection components should also include intrusion detection, network access control and behavioral anomaly detection. New entities will come onto the network, and unless you are constantly vigilant, you will not be aware.

Both the device manufacturer and the enterprise have responsibility for the final key element: data security. All data should be encrypted because you can never be sure that sensitive data isn’t being generated. Encryption needs to be built into the device or into the applications that interface with it, but it is up to the user to enable such a feature.

When implemented, these controls will make it difficult for a cybercriminal to use that smart plant to access your customer database.

Listen to the podcast series: Five Indisputable Facts about IoT Security

More from Artificial Intelligence

How I got started: AI security executive

3 min read - Artificial intelligence and machine learning are becoming increasingly crucial to cybersecurity systems. Organizations need professionals with a strong background that mixes AI/ML knowledge with cybersecurity skills, bringing on board people like Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, who has a unique blend of technical and soft skills. Carignan was originally a dance major but was also working for NASA as a hardware IT engineer, which forged her path into AI and cybersecurity.Where did you go to…

ChatGPT 4 can exploit 87% of one-day vulnerabilities: Is it really that impressive?

2 min read - After reading about the recent cybersecurity research by Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang, I had questions. While initially impressed that ChatGPT 4 can exploit the vast majority of one-day vulnerabilities, I started thinking about what the results really mean in the grand scheme of cybersecurity. Most importantly, I wondered how a human cybersecurity professional’s results for the same tasks would compare.To get some answers, I talked with Shanchieh Yang, Director of Research at the Rochester Institute…

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today