The Edge in Amsterdam is one of the smartest office buildings in the world. The state-of-the-art offices include 28,000 connected sensors for motion, light, temperature, humidity and other conditions, which can all be detected and adjusted to suit workers’ needs.
Further control is available through a mobile application which can find office workers a desk, a parking spot and can even remember their favourite coffee. The questions arises, however, as workers’ lives are made increasingly convenient, are we trading such luxuries for security?
The Internet of Things (IoT) is fast becoming a mainstay within the professional business environment, while also laying the foundations of a new way of working. The utilisation of information and data to enhance intelligence is reshaping how and where we work. While convenient, the security implications associated with such a large volume of improperly secured data is a concern.
Emerging security issues
The Edge is an extreme example, but modern commercial buildings are already typically equipped with control systems and hundreds, if not thousands, of sensors. Many facilities, however, quite simply have systems that have not been properly integrated – with non-integrated points of entry, what was once an inconvenience has now become a realistic threat. Integrating separate systems and getting them to communicate is the biggest roadblock preventing the IoT from reaching its true enterprise potential.
Non-integrated systems utilise only the limited inbuilt security they possess, with many lacking the battery or computing power to implement sophisticated encryption techniques, increasing the risk of cyberattacks or breaches on IoT devices.
Each type of device is vulnerable to different kinds of attacks, and security capabilities in the devices themselves vary. Furthermore, most sensors and supporting network devices are made from outsourced components. If a hacker or cybercriminal gained access to these chipsets and the associated firmware – especially during manufacturing or shipping – a section of malicious code could be inserted into the device and activated in such a way that either shuts it off or impairs its functionality.
The smart office needs a new security mindset
Collecting and analysing big data empowers understanding of facilities and employees like never before. Highly regulated and tightly controlled buildings can collect gigabytes of data on how employees interact – from energy use to emails, location, time spent outside, and who they talk to. This creates a continuous picture of office life – a picture that is an information goldmine for cyber-attackers.
The business world is rife with reports of systems and data breaches at high-profile companies as a result of weaknesses in the systems of third parties – in a large number of cases, due to unsecured data. In order to ensure the security of these IoT devices, a comprehensive approach to IoT security must begin with meaningful employee training in IT security, as well as office system operation rules to reduce the chance of attackers gaining access to systems through social engineering techniques. Only then can different environment-based security policies be effectively utilised.
Once these strategies have been implemented, businesses can begin managing both cyber and physical security solutions together, while conducting customised risk assessments to best identify threats and how to contain them. The best practice for businesses seeking to secure their IoT network is to implement a specialised, multi-layered security solution, including protection against internet threats and data encryption on endpoints. The IoT is the future of industry – in many cases it is also the present. For businesses to fully engage and grow with this new technological landscape, they must ensure the security of these devices.