Smart Buildings & IoT: Consider the Connective Security Risks

  • October 02, 2019
  • Feature
Smart Buildings & IoT: Consider the Connective Security Risks
Smart Buildings & IoT: Consider the Connective Security Risks

By Andrea Carcano, Co-Founder & CPO, Nozomi Networks

According to a 2019 report from IDC, Internet of Things (IoT) spending is expected to reach $745 billion globally this year and maintain double-digital annual growth through 2022. Smart technology is becoming popular, and not just among consumers, but also for businesses and organizations alike.

Technological innovation is revolutionizing modern workplaces. The installation and use of smart technology increases productivity, optimizes functionality and improves everyday work life. Smart technology within buildings offers huge benefits and not just for occupants. It can significantly reduce overhead costs and shrink the environmental footprint of the building to overall improve efficiency and sustainability.


Open Doors to Attack

However, the risks may outweigh the many benefits that smart buildings offer. The effective convergence of operational technology (OT) and IT systems is key to supporting these smart devices which, without proper security measures in place, can open facilities up to an increased threat of hacking.

From smart thermostats, which can change the temperature remotely, to intelligent lighting, controlled and adjusted from almost any smart phone or internet connected device, the addition of smart technology within a building creates an array of new access points from IoT devices. This ultimately means that when offices turn their workplaces into smart buildings, attackers have an even larger range of entry points to gain access to organizations’ networks.

If a hacker can breach a smart building through an OT entry point, the hacker can eventually gain access to the building’s IT network, giving a world of new opportunities to the hacker.

New smart technologies connected to the IT network open new entry paths into corporate networks that hold sensitive, private and proprietary information. It is a possibility that an attacker could use a new smart thermostat or lighting device system as a different way in to install malware on the corporate network or even worse - launch ransomware attacks against the organization.


Security is a Priority

Security must be a forethought for every single internet-enabled appliance introduced or installed into the smart buildings. 

While most people wouldn’t look at their digitized lighting system as an attractive target for attackers, it is because it ultimately connects to the full corporate network. Deploying any smart building technology should be well thought-out to ensure its secure and intelligently arranged.

To enjoy the benefits of smart devices within a building, it is important to comprehensively account for the security of all networks and devices. A simple best practice starts with maintaining an up-to-date and accurate inventory of every device that lives on the network. It’s also essential to always update all software and hardware with the latest patches to thwart any known vulnerabilities before attackers could exploit them.

It is imperative to safeguard the organization internally. This means conducting all staff trainings of potential security threats and educating employees about the dangers of email phishing campaigns. These exercises should include an understanding of how to recognize malicious emails and attachments.

Organizations should also employ cybersecurity professionals to set up the necessary monitoring and alerting security platforms. It is crucial for organizations to put multiple levels of protection in place – from securing the network itself to observing it in real-time for anomalies that could indicate a cyber threat is present.

In simple terms, the idea behind the smart buildings concept is to provide a hassle-free experience to occupants while efficiently using energy resources with the fusion of sensors and other IoT devices. Today’s smart buildings contain a variety of sensors, control systems, networks, and applications.

It’s true that smart technologies introduced into workplace environments can significantly improve the productivity of those occupying them and improve our global environmental footprint. At the same time, it’s important to remember that adding IoT-connected devices to your network makes it more susceptible to intruders by increasing the attack surface. That’s why it's important to plan the security of all new internet-enabled appliances before adding them to the network.

Recent research and experience in the modern world have shown that when things connect to the internet, they become a target for malicious hackers. It is imperative that smart building operators make security a priority.

Learn More

Did you enjoy this great article?

Check out our free e-newsletters to read more great articles..