When most people talk about the Internet of Things (IoT) today, they’re usually referring to the cool gadgets and toys du jour – Google Glass, connected homes, iWatch, fitness bracelets, etc. But it’s important to remember that IoT also applies to more mundane systems, such as lighting sensors, heating and cooling systems, vending machines, commercial fridges, electronic gates, and many, many other IP-based systems that are likely already maintaining your enterprise – without you even realizing it.
In most cases these systems are managed by facilities managers, usually using old, often unpatched computers – systems that are connected to the internet and often to your corporate network.
Unfortunately, facilities managers are not always the most technology-savvy, nor do they have a lot of exposure to the company’s information security processes and practices. Yet they are also likely to be people who take initiative and deploy the latest gadget for managing window blinds or some other smart building system.
These IoT systems are clearly a weak, or even broken, link in your IT and physical enterprise security practices, providing new attack vectors for cyber hackers and for flesh and blood criminals. First, they might attack the physical system from the IT side: for example, by exploiting the IP interface of the system that manages the electronic gates in order to break into your parking garage to steal the CEO’s nice new shiny BMW. Second, they might attack your IT infrastructure by breaking into the IoT gadget itself: for example, by breaking into the IP-ready holiday lights and using them as a stepping stone into your production network.
So here are 5 key tips to help protect your organization from the uncool side of IoT:
With IoT fast becoming an integrated part of literally ‘keeping the lights on’ at most organizations, remember that while it may look ‘cool’ it can also be a wide open door for criminals. Make sure you shut it!