The ever-expanding Internet of Things (IoT) continues to grow unabated. Simple everyday items are becoming connected to the Internet. Potted plants are now able to tell you if they are too cold or thirsty and can automatically adjust the room temperature or water themselves. I can only imagine what the original Luddites would think.

The ability to remotely monitor, control and change your work environment is also an evolving and improving capability. The first vestiges of a smart office appeared when printers and copiers became part of the network, but with the convergence of Internet, cellular networks, Wi-Fi and Bluetooth technologies, nearly anything can be at your fingertips. The workplace is now smart.

All This Neat Stuff

Items encompassed by the IoT are, by definition, limitless. Computers, printers and mobile devices have been connected for some time. However, many items not normally part of a network are now Internet-enabled in an office setting. These include security cameras, door locks, motion sensors, window blinds, power outlets, vending machines, scales, trash cans, robotic vacuums, light bulbs, heating and air conditioning systems, thermostats and the aforementioned plant pots.

The rationale behind the smart office, smart store or smart factory is to improve productivity, control costs, facilitate inventory management, allow remote monitoring and diagnosis of equipment and even reduce the need to perform mundane functions (like watering the plants). The components within a smart office are capable of exchanging information automatically, communicating with nodes on different networks and interacting with cognitive computing systems. This allows you to control the environment.

Unintended Consequences

As the saying goes, “It’s all fun and games until someone loses an eye.” The smart office has value, but it also has unintended consequences. The multitude of networked components allows attackers to have an expanded attack landscape. And many of the devices are not designed to resist attacks. Why would I need to protect my potted plant? The reality is that, when networked, the IoT components can offer attackers a window to access the enterprise’s network. A smart office can be an attacker’s buffet.

The initial entry point for at least one high-profile data breach was via an HVAC system. In 2012, the FBI issued a report explaining how a company was breached via the Internet-connected HVAC controls. Researchers have also demonstrated that they can access systems in one facility from a network-connected IoT device in another facility. That ability to access systems is a legitimate function. If you are using a device to monitor inventory, for example, devices are designed to communicate with the inventory control management system. Cybercriminals can take advantage of legitimate access to create illicit connections.

Smart on Security, Too

Securing IoT devices has been a hot topic as of late, but most of the news has been tied to the hacking of connected automobiles. This is interesting and valuable research, especially for the safety of the passengers, but an automobile is only one thing. The real concern arises when many things are networked together, and those things can trace a route to an enterprise’s valuable data, disrupt its supply chain and impact productivity in a big way.

It is imperative that IoT devices be smart on security, but also for the whole infrastructure be robust. There are certain ingredients for IoT security: Many are simple and standard security practices that need to be enforced in a smart office, and others require additional diligence by IoT device manufacturers.

Manufacturers have to realize that their interesting IoT device has to be sturdy not just to ensure functionality, but also to provide security. Operating systems must be trustworthy, and the software must be designed using best practices, which include application code scanning. Flaws will eventually be discovered, so there must be mechanisms designed to update flawed or vulnerable software.

How to Foster Smart Office Security

To enable smart security, the organization has a responsibility to ensure devices are authenticated, to operate under the principle of least privilege and to implement network segmentation. IoT network security protection components should also include intrusion detection, network access control and behavioral anomaly detection. New entities will come onto the network, and unless you are constantly vigilant, you will not be aware.

Both the device manufacturer and the enterprise have responsibility for the final key element: data security. All data should be encrypted because you can never be sure that sensitive data isn’t being generated. Encryption needs to be built into the device or into the applications that interface with it, but it is up to the user to enable such a feature.

When implemented, these controls will make it difficult for a cybercriminal to use that smart plant to access your customer database.

Listen to the podcast series: Five Indisputable Facts about IoT Security

More from Artificial Intelligence

Tackling Today’s Attacks and Preparing for Tomorrow’s Threats: A Leader in 2022 Gartner® Magic Quadrant™ for SIEM

Get the latest on IBM Security QRadar SIEM, recognized as a Leader in the 2022 Gartner Magic Quadrant. As I talk to security leaders across the globe, four main themes teams constantly struggle to keep up with are: The ever-evolving and increasing threat landscape Access to and retaining skilled security analysts Learning and managing increasingly complex IT environments and subsequent security tooling The ability to act on the insights from their security tools including security information and event management software…

4 Ways AI Capabilities Transform Security

Many industries have had to tighten belts in the "new normal". In cybersecurity, artificial intelligence (AI) can help.   Every day of the new normal we learn how the pandemic sped up digital transformation, as reflected in the new opportunities and new risks. For many, organizational complexity and legacy infrastructure and support processes are the leading barriers to the effectiveness of their security.   Adding to the dynamics, short-handed teams are overwhelmed with too much data from disparate sources and…

What’s New in the 2022 Cost of a Data Breach Report

The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020. New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when…

Real Security Concerns Are Scarier Than Doomsday Predictions

The metaverse, artificial intelligence (AI) run amok, the singularity ... many far-out situations have become a dinner-table conversation. Will AI take over the world? Will you one day have a computer chip in your brain? These science fiction ideas may never come to fruition, but some do point to existing security risks. While nobody can predict the future, should we worry about any of these issues? What's the difference between a real threat and hype? The Promise of the Metaverse…