The Internet of Things (IoT) can be a transformative technology source for commercial real estate owners, as it makes a number of in-building devices and systems “smart” from thermostats, lighting, locks and security systems.
But with all of those transformative possibilities, comes a fair amount of risk, Vishal Gupta, Global CTO and CIO, SVP Connected Technology for Lexmark, recently wrote for Forbes. After all, any device that operates over the internet is susceptible to a cyberattack, as well as the wireless network itself.
“With an overwhelming amount of high-profile breaches making headlines, corporate America has come to realize that the operational and reputational damage caused by a breach is very real, and they must act fast in order to not be the next victim,” Gupta wrote. “To prevent cyberattacks, organizations must ensure they efficiently manage IoT devices, defend them from hackers and protect critical information.”
Protecting networks and devices against cyber attackers is no small feat. About 127 new devices go online every second, according to global management consulting firm McKinsey & Company. Meanwhile, more than 41 billion IoT devices are expected to exist by 2027, Business Insider reports. As the number of available IoT devices increases, so does the need for effective cybersecurity.
Unsecured IoT devices digital infrastructure access is what makes them such a big cybersecurity risk, according to Gupta. Smart TVs, smartwatches and IP cameras are just a few of the devices that fell victim to malware attacks, which increased by 700% during the COVID-19 pandemic, according to cloud security company Zscaler’s study.
How to secure IoT devices
Many businesses have adopted a zero-trust framework to help address the growing cybersecurity issues, Gupta wrote. The framework is based on a “no one is trusted automatically” mentality and assumes that hackers will get into or are already inside a network. Zero trust makes it so every device, user and application get the least-privileged architecture access — even after they’ve authenticated and authorized.
Zero trust’s key principles include: always verify; never trust and take steps to reduce any impact, if breached and enforce the least amount of privilege. One of the benefits of the zero-trust approach is it considers how important the apps the users or devices are trying to get to, as well as whether they fit their roles, access requirements and responsibilities.
When implementing zero trust, organizations should choose a vendor that makes sense for them and can provide solutions that will identify and evaluate practices on a consistent basis. Vendors should also use tech that will keep an organization secure.
“The same technologies that are enabling organizations to maximize the benefits of IoT are exponentially increasing the security threat to the network’s integrity and placing valuable information at risk,” Gupta wrote. “By using a zero-trust framework, organizations can unleash the full power of IoT while diligently protecting their networks, data and customers.”
