The ever-expanding Internet of Things (IoT) continues to grow unabated. Simple everyday items are becoming connected to the Internet. Potted plants are now able to tell you if they are too cold or thirsty and can automatically adjust the room temperature or water themselves. I can only imagine what the original Luddites would think.

The ability to remotely monitor, control and change your work environment is also an evolving and improving capability. The first vestiges of a smart office appeared when printers and copiers became part of the network, but with the convergence of Internet, cellular networks, Wi-Fi and Bluetooth technologies, nearly anything can be at your fingertips. The workplace is now smart.

All This Neat Stuff

Items encompassed by the IoT are, by definition, limitless. Computers, printers and mobile devices have been connected for some time. However, many items not normally part of a network are now Internet-enabled in an office setting. These include security cameras, door locks, motion sensors, window blinds, power outlets, vending machines, scales, trash cans, robotic vacuums, light bulbs, heating and air conditioning systems, thermostats and the aforementioned plant pots.

The rationale behind the smart office, smart store or smart factory is to improve productivity, control costs, facilitate inventory management, allow remote monitoring and diagnosis of equipment and even reduce the need to perform mundane functions (like watering the plants). The components within a smart office are capable of exchanging information automatically, communicating with nodes on different networks and interacting with cognitive computing systems. This allows you to control the environment.

Unintended Consequences

As the saying goes, “It’s all fun and games until someone loses an eye.” The smart office has value, but it also has unintended consequences. The multitude of networked components gives attackers an expanded attack landscape, and many of the devices are not designed to resist attacks. Why would I need to protect my potted plant? The reality is that, when networked, the IoT components can offer attackers a window into the enterprise’s network. A smart office can be an attacker’s buffet.

The initial entry point for at least one high-profile data breach was an HVAC system. In 2012, the FBI issued a report explaining how a company was breached via its Internet-connected HVAC controls. Researchers have also demonstrated that they can access systems in one facility from a network-connected IoT device in another facility. That ability to access systems is a legitimate function: A device used to monitor inventory, for example, is designed to communicate with the inventory control management system. Cybercriminals can take advantage of that legitimate access to create illicit connections.

Smart on Security, Too

Securing IoT devices has been a hot topic as of late, but most of the news has been tied to the hacking of connected automobiles. This is interesting and valuable research, especially for the safety of the passengers, but an automobile is only one thing. The real concern arises when many things are networked together, and those things can trace a route to an enterprise’s valuable data, disrupt its supply chain and impact productivity in a big way.

It is imperative not only that IoT devices be smart on security, but also that the whole infrastructure be robust. There are certain ingredients for IoT security: Many are simple and standard security practices that need to be enforced in a smart office, and others require additional diligence by IoT device manufacturers.

Manufacturers have to realize that their interesting IoT device has to be sturdy not just to ensure functionality, but also to provide security. Operating systems must be trustworthy, and the software must be designed using best practices, which include application code scanning. Flaws will eventually be discovered, so there must be mechanisms designed to update flawed or vulnerable software.

How to Foster Smart Office Security

To enable smart security, the organization has a responsibility to ensure devices are authenticated, to operate under the principle of least privilege and to implement network segmentation. IoT network security protection should also include intrusion detection, network access control and behavioral anomaly detection. New entities will come onto the network, and unless you are constantly vigilant, you will not be aware of them.
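As an added illustration (not part of the original article), the sketch below reviews flow records from an IoT segment against a per-device least-privilege allowlist, flagging both devices that are not in the inventory and known devices reaching destinations outside their role. All device roles, addresses, ports and flow records are constructed for the example.

```python
import ipaddress

# Constructed inventory of authenticated IoT devices and the only
# (destination, port) pairs each one needs: least privilege per device.
ALLOWED = {
    "10.20.0.11": {"role": "hvac-controller", "dests": {("10.30.0.5", 443)}},
    "10.20.0.12": {"role": "inventory-scanner", "dests": {("10.30.0.8", 8443)}},
    "10.20.0.13": {"role": "plant-sensor", "dests": {("10.30.0.5", 443)}},
}

# Constructed IoT network segment (hypothetical addressing plan).
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.20.0.11", "10.30.0.5", 443),    # HVAC -> building management: expected
    ("10.20.0.12", "10.30.0.8", 8443),   # scanner -> inventory system: expected
    ("10.20.0.13", "10.40.0.20", 1433),  # plant sensor -> database server
    ("10.20.0.77", "10.30.0.5", 443),    # device not in the inventory
    ("10.50.0.9", "10.30.0.8", 8443),    # source outside the IoT segment
]


def review_flows(flows, allowed=ALLOWED, segment=IOT_SEGMENT):
    """Return findings for IoT-segment flows that break the allowlist."""
    findings = []
    for src, dst, port in flows:
        if ipaddress.ip_address(src) not in segment:
            continue  # only the IoT segment is in scope here
        device = allowed.get(src)
        if device is None:
            # A new entity has come onto the network unannounced.
            findings.append(("unknown-device", src, dst, port))
        elif (dst, port) not in device["dests"]:
            # Known device reaching past the access its function needs.
            findings.append(("policy-violation", src, dst, port))
    return findings


if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(finding)
```

The same allowlist can drive firewall rules between segments, so the monitoring and the enforcement share one source of truth.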

Both the device manufacturer and the enterprise have responsibility for the final key element: data security. All data should be encrypted because you can never be sure that sensitive data isn’t being generated. Encryption needs to be built into the device or into the applications that interface with it, but it is up to the user to enable such a feature.

When implemented, these controls will make it difficult for a cybercriminal to use that smart plant to access your customer database.
