Articles by James Hill
The IoT threat is magnified asuncontrolled devices are introduced into thenetwork through people ‘bringing their owndevices to work’ Intelligent building management, combined with the dramatic increase in IP connected devices brought about by the advent of the Internet of Things (IoT), provides a vast opportunity for large organisations to work smarter, faster and more efficiently than ever before. Intelligent building management systems have the potential to transform the way a business operates and can even boost profits. Yet this very technology, designed to enhance our working lives, can also create serious security threats to our businesses. James Hill, Business Development Manager for NG Bailey’s IT Services division, discusses the common vulnerabilities faced by organisations integrating IoT via intelligent buildings, and the ways they can protect themselves and their assets going forward. Large scale implementation of IoT It is often said that the internet was designed with usability, not security, in mind, and this has become more apparent than ever since the advent of IoT. The IoT arrived, accompanied by massive excitement about the changes it would make to our personal and working lives - and it is still only at the very beginning of its journey. A report by the UK Government estimates that by 2020, the number of IoT connected devices could be anywhere from 20 billion to 100 billion. Compare this with the current number of connected devices, which stands at around 14 billion, and you can begin to understand the extent of the impact IoT could have on everyday life. With any up–and-coming technology, security can be a challenge and the IoT is no exception. Whilst the IoT in intelligent buildings will enhances our lives, even seemingly innocuous devices have the potential to allow illicit access to corporate data and with it, the potential to cause harm. The sheer volume of IoT devices will complicate our networks and expose vulnerabilities across a larger scale than ever before. Despite this, many companies are unaware of the immense potential security risks and are implementing IoT technology without an appropriate security strategy in place. Many companies are unaware ofthe immense potential securityrisks and are implementing IoTtechnology without an appropriatesecurity strategy in place Risks to organisations are furthered by external elements too, as manufacturers rush to produce connected IoT devices with integrated access capabilities and mobile applications and scramble to get them to market quickly. This exposes the devices, and therefore users, to security threats such as software and cross-site scripting vulnerabilities, creating heightened opportunities for cyber-criminals. Common security risks in intelligent buildings There are some common risks that occur repeatedly in businesses seeking to input intelligent building devices through the IoT. Maintenance/Cyber security hygiene: A high proportion of IoT intelligent building breaches are triggered by faulty patch management practices, caused by inadequate monitoring. As such it is vital that every IoT device connected to a network is carefully monitored and patched effectively as soon as an issue occurs. Any delay in securing or patching an element of your system will enable attacks to your security. Access all areas: Integrated and improperly secured IoT systems such as buildings management systems, access controllers, facilities systems and occupancy detectors can be hacked, allowing criminals to gain access to a building if they wish. Privacy and data collection: Many IoT devices constantly collate, share and process data that mean a cyber-criminal with access to the data can collate a dangerously full profile of an organisation very quickly. Surreptitious surveillance: Unwanted surveillance is a real risk for IoT devices that have been integrated into intelligent building systems. Any devices with a visual or audio capability, such as alarm systems, CCTV and voice activated mechanisms are potentially vulnerable to being taken control of if hacked by a criminal. These IoT devices can also communicate and share info and data, creating an additional security threat. Unregulated devices : The IoT threat is magnified substantially as uncontrolled and unregulated devices are introduced into the network through people ‘bringing their own devices to work’. This invariably increases threat risks through vulnerabilities that the business has no visibility of and no control over. Unwanted surveillance is areal risk for IoT devices thathave been integrated intointelligent building systems Securing your network On an organisational level, it is crucial to consider all of the risks noted above, and more, to protect your business from potential damage caused by cyber-criminals. Detailed below is a brief overview of steps you can take to keep your organisation’s IoT devices and networks secure. Plan IoT security prior to implementation rather than as an afterthought, as this will minimise the potential likelihood of future threats. Establish best practice guidelines for ongoing IoT device implementations. Ensure water-tight secure administration access for key security personnel. Always consider both physical and network security when planning as this will create a viable and comprehensive security plan. Engage and purchase devices that have integrated security in mind. Source devices from verified suppliers who value security. Effectively monitor and maintain connected IoT devices, ensuring any potential risk alert is patched as soon as possible. Closely monitor your network for unusual traffic flows that could indicate malicious activity. Put measures in place to stop unauthorised users from accessing devices, data, or your network. Encryption is key. If a security risk is identified, have a pre-prepared ‘multi-layer’ security defence strategy in place to neutralise the threat. Above all, it’s vital that each company’s security is managed by an expert in the field, one that is trained in the application and management of security risks in IoT, and more importantly, in integrating connected devices seamlessly into intelligent buildings to ensure the network is secure and safe - from the smartphones to the perimeter CCTV.