The ever-expanding Internet of Things (IoT) continues to grow unabated. Simple everyday items are becoming connected to the Internet. Potted plants are now able to tell you if they are too cold or thirsty and can automatically adjust the room temperature or water themselves. I can only imagine what the original Luddites would think.

The ability to remotely monitor, control and change your work environment is also an evolving and improving capability. The first vestiges of a smart office appeared when printers and copiers became part of the network, but with the convergence of Internet, cellular networks, Wi-Fi and Bluetooth technologies, nearly anything can be at your fingertips. The workplace is now smart.

All This Neat Stuff

Items encompassed by the IoT are, by definition, limitless. Computers, printers and mobile devices have been connected for some time. However, many items not normally part of a network are now Internet-enabled in an office setting. These include security cameras, door locks, motion sensors, window blinds, power outlets, vending machines, scales, trash cans, robotic vacuums, light bulbs, heating and air conditioning systems, thermostats and the aforementioned plant pots.

The rationale behind the smart office, smart store or smart factory is to improve productivity, control costs, facilitate inventory management, allow remote monitoring and diagnosis of equipment and even reduce the need to perform mundane functions (like watering the plants). The components within a smart office are capable of exchanging information automatically, communicating with nodes on different networks and interacting with cognitive computing systems. This allows you to control the environment.

Unintended Consequences

As the saying goes, “It’s all fun and games until someone loses an eye.” The smart office has value, but it also has unintended consequences. The multitude of networked components allows attackers to have an expanded attack landscape. And many of the devices are not designed to resist attacks. Why would I need to protect my potted plant? The reality is that, when networked, the IoT components can offer attackers a window to access the enterprise’s network. A smart office can be an attacker’s buffet.

The initial entry point for at least one high-profile data breach was via an HVAC system. In 2012, the FBI issued a report explaining how a company was breached via the Internet-connected HVAC controls. Researchers have also demonstrated that they can access systems in one facility from a network-connected IoT device in another facility. That ability to access systems is a legitimate function. If you are using a device to monitor inventory, for example, devices are designed to communicate with the inventory control management system. Cybercriminals can take advantage of legitimate access to create illicit connections.

Smart on Security, Too

Securing IoT devices has been a hot topic as of late, but most of the news has been tied to the hacking of connected automobiles. This is interesting and valuable research, especially for the safety of the passengers, but an automobile is only one thing. The real concern arises when many things are networked together, and those things can trace a route to an enterprise’s valuable data, disrupt its supply chain and impact productivity in a big way.

It is imperative that IoT devices be smart on security, but also for the whole infrastructure be robust. There are certain ingredients for IoT security: Many are simple and standard security practices that need to be enforced in a smart office, and others require additional diligence by IoT device manufacturers.

Manufacturers have to realize that their interesting IoT device has to be sturdy not just to ensure functionality, but also to provide security. Operating systems must be trustworthy, and the software must be designed using best practices, which include application code scanning. Flaws will eventually be discovered, so there must be mechanisms designed to update flawed or vulnerable software.

How to Foster Smart Office Security

To enable smart security, the organization has a responsibility to ensure devices are authenticated, to operate under the principle of least privilege and to implement network segmentation. IoT network security protection components should also include intrusion detection, network access control and behavioral anomaly detection. New entities will come onto the network, and unless you are constantly vigilant, you will not be aware.

Both the device manufacturer and the enterprise have responsibility for the final key element: data security. All data should be encrypted because you can never be sure that sensitive data isn’t being generated. Encryption needs to be built into the device or into the applications that interface with it, but it is up to the user to enable such a feature.

When implemented, these controls will make it difficult for a cybercriminal to use that smart plant to access your customer database.

Listen to the podcast series: Five Indisputable Facts about IoT Security

More from Artificial Intelligence

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…

Artificial intelligence threats in identity management

4 min read - The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise driven by financial cutbacks, geopolitical factors, cloud applications and hybrid work environments 74% are concerned about confidential data loss through employees, ex-employees and third-party vendors. Additionally, many feel digital identity proliferation is on the rise and the attack surface is…

AI reduces data breach lifecycles and costs

3 min read - The cybersecurity tools you implement can make a difference in the financial future of your business. According to the 2023 IBM Cost of a Data Breach report, organizations using security AI and automation incurred fewer data breach costs compared to businesses not using AI-based cybersecurity tools. The report found that the more an organization uses the tools, the greater the benefits reaped. Organizations that extensively used AI and security automation saw an average cost of a data breach of $3.60…