IoT’ stands for Internet of Things, and it looks to remain a popular topic in both the consumer and enterprise tech spheres through 2018. It is of particular interest to security experts as the IoT holds both massive potential to aid their efforts and represents a massive threat.
So what is the IoT and what security solutions does it enable?
What IoT Is and Isn’t
The term ‘Internet of Things’ sounds vague, but it’s actually very accurate. Quite simply, the IoT is just a new generation of consumer and enterprise products with internet connections added. While that idea is simple its ramifications are not.
In the consumer world many home appliances are now IoT-enabled, like thermostats you can adjust from your phone, or home security cameras that email you video clips when they detect motion.
This type of technology has powerful enterprise applications in surveillance, detection activities, and supporting rapid incident response. New applications are under development that permit advanced remote control and data collection, real time location solutions, physical security feedback and alerting, and environmental monitoring. But by its very nature the IoT also presents new risks. It blurs the lines between what are network and physical assets, and so makes itself vulnerable to attacks that target each.
So as with any powerful technology the IoT has created both new threats and new opportunities. Expertly applied, businesses can use IoT technology to not only beat back these new threats but also give themselves a powerful advantage in the marketplace.
IoT’s Challenges for Security
Early in 2017, Dimensional Research conducted a survey of both security and IT professionals. They found that 64% were concerned that their organizations were already exposed to IoT devices and were not adequately prepared for the threats they presented.
The primary attack enabled by the IoT is DDoS attacks, Distributed Denial of Service. All you need to understand about a DDoS attack is that it involves an attacker taking control of a large collection of unsecured IoT devices over the internet and pointing them at one business’s network. The attacker forces the devices to spew an overwhelming wave of garbage internet traffic at the business taking it offline.
These attacks increased through 2017, up to a whopping 91% in the third quarter. This in part was driven by the rapidly falling cost of perpetrating a DDoS attack. DDoS-for-hire criminal services became available for as little as $100.
This data is particularly concerning for enterprise security teams as IoT devices can permit much deeper penetration in their environments. Since they’re often used for detection or surveillance of unattended locations, hacking IoT devices also potentially increases an attacker’s chance of accessing facility space they normally could not otherwise physically access.
So your IoT devices can be a gateway to compromising both the rest of your networked physical security systems and your IT infrastructure. Once compromised, the devices can also be used for lateral attacks inside your perimeter, damaging your organization and infrastructure even further.
These new threats are concerning, but they are mitigated through proper deployment of new IoT systems. And the new capabilities these systems offer are impressive.
IoT-Powered Solutions That Put You Ahead
IoT technology is a potent tool. A secure network of IoT devices at your organization can automatically collect data as personnel, objects, and the IoT assets themselves move through your environment. This improves accountability organization-wide, supports better compliance, and creates a dataset for security and performance analytics tools to optimize a wide range of security processes.It enables smart homes, smart cars and smart cities. Often these IoT devices are embedded with self-running analytics packages that can detect meaningful threat behavior and assist with analyses right in the field. IoT devices can improve many other security activities too that will help you stay ahead of both current and future threats.
- Employee and Visitor Tracking: IoT devices remove manual supervision when automated assets can track and log movements in real time. This helps you respond faster to emergency events, ensure regulated assets and locations are secure, even provide better customer service when you know up-to-the-minute where your visitors are.
- Detection: Tamper protection sensors and environmental sensors can directly alert not only personnel, but other security systems. This can improve response time in situations where human intervention is slower than simple, triggered alerts.
- Perimeter Protection: Many security activities at the perimeter take well to IoT automation. Surveillance cameras with advanced motion tracking and threat detection analytics packages can issue automated alerts or distribute self-analyzed video for human attention. These cameras are quite effective when paired with high-powered analytics software.
- Asset Tracking: The ability to automate many compliance and general record keeping practices make asset storage and tracking their location another activity improved by IoT technology. Wireless (RFID) tokens let staff rapidly access high-value assets with zero chance of human error in device selection or logging.
- General Safety Improvement: Any activity that can be automated removes the potential for human error in your security practices. There’s full accounting for who took which assets and when. No favors for friends can be granted to bypass proper security checks. Only authorized personnel are able to access critical or dangerous assets, or keys to sensitive areas or machinery.
The Internet of Things holds massive potential for improving security operations. While we need to be vigilant to the threats it poses, with the help of technology experts, IoT-enabled technology can revolutionize how we deliver security for the better.
Learn more about our RTNmobile real time location solutions and we help with employee safety.
Editor's Note: This post was originally published in March 2018, and has been updated for accuracy and comprehensiveness.