Physical Security Gaps: Why Too Many Organizations Treat IoT Device operations Like Whack-A-Mole
How innovatively and effectively do today’s organizations use IoT devices to enhance their physical security?
The answer to that question is complicated. Unfortunately, far too many of these organizations fail to operationally manage and monitor their IoT devices, undercutting their entire approach to the physical security of their premises.
At the heart of this problem is a reactive approach to the operational management of IoT devices. Simply put, these organizations treat the operational maintenance of their IoT devices like a game of whack-a-mole – addressing risks only after those risks pop up, rather than preventing them from arising in the first place.
The more frightening problem, of course, is that some companies find out the hard way that the security of their IoT devices is far from child’s play – companies like Verkada, which earlier this year fell victim to a cyberattack in which hackers exploited the company’s failure to rotate its passwords. By exploiting this failure, the attackers gained control of feeds from IP cameras, causing significant damage.
Moreover, even for organizations that are fortunate enough to steer clear of cyberattacks, a reactive approach to the operational management of IoT devices is needlessly inefficient, expensive, and unreliable.
The bottom line: Just like there’s an increasing awareness of the value of taking a proactive rather than reactive approach to cybersecurity, today there needs to be a wider understanding of the importance of taking a proactive approach to the operational management of IoT devices.
What’s involved in a proactive approach to the operational management of IoT devices?
The basic reason that it’s so important to manage IoT devices in a proactive way is straightforward: Otherwise, by the time you see that your devices have an issue, you’re already at risk of facing far more serious problems.
For instance, if you discover that an camera is offline, your physical security will not be sufficiently reliable until that camera is again running reliably and consistently. And because most companies lack the ability to rapidly identify the reason a camera is offline, diagnosing and solving the problem could take days or weeks – leaving the company’s physical security at risk.
This kind of problem could also hinder your company’s productivity – especially if, for example, the offline IoT device is an access control panel rather than a security camera. It could also have serious liability implications, such as if someone is injured on site but there is no recording of the incident or an insurance company would refuse to pay for damage caused by a break-in that occurred while a security access panel was offline.
Worse yet, when it comes to cybersecurity, a reactive approach to the operational management of your IoT devices can actually turn those devices from a defensive tool into an active threat. For example, if you’re using security cameras to protect your company’s on-site intellectual property, then any attackers who infiltrate those camera feeds could potentially gain access to the very same information the cameras were intended to protect.
So, what specific steps can you take to make sure your approach to monitoring and maintaining your IoT devices is proactive enough to be efficient and reliable? It largely boils down to three factors:
- Promptly installing necessary firmware upgrades (so as to protect against vulnerabilities as early as possible).
- Regularly rotating device passwords (so as to make it more difficult for cybercriminals to hack their way into a device feed).
- Monitoring device status and its cyber posture in real time (so as to have the information you need to diagnose and resolve any issues that arise as quickly as possible).
Making a proactive approach a reality: How can automation help?
Much of the reason that the operational management of IoT devices is so challenging and expensive has to do with the scale, variety, and geography of the device deployments involved. Many organizations have massive deployments of thousands (or even tens of thousands) of connected security devices deployed over large distances, and in many cases across multiple sites. This makes basic cybersecurity steps such as password rotations and firmware upgrades a major undertaking.
Adding to the challenge, it’s common for organizations to use multiple types of IoT security devices – not just IP cameras, but also access control panels and others. And these devices frequently include a variety of models produced by different companies.
Considering those factors, it’s not hard to see why automation can play such a pivotal role in taking a more proactive approach to the operational management of IoT devices. Not only can automation make the whole process more efficient, but it can also minimize the risk of human error and blind spots that can put companies at risk.
This is where SecuriThings comes in, or instance, by automatically monitoring the operational status of a whole array of devices around the clock, the SecuriThings’ Horizon solution can notify relevant security professionals in real time whenever an issue arises within any of those devices. This way, our customers can maximize their IoT devices’ uptime while minimizing the amount of human work involved.
Similarly, this technology can ensure that our customers’ security teams are notified when their devices need firmware upgrades – and it can install these upgrades automatically, mitigating cybersecurity vulnerabilities. Our solution also allows for a customized approach to rotating device passwords, so that they are automatically rotated on a schedule that ensures compliance with each organization’s specific IT standards. And because this approach requires minimal work from employees (and especially expensive on-site visits), it reduces the amount of time and money involved in keeping IoT devices secure and operational.
How achievable is a proactive stance when it comes to IoT devices?
There is a certain irony about the way many organizations tend to approach physical security today: They invest in IoT devices specifically to monitor their premises – and yet they have significant challenges when it comes to adequately monitor those devices. In other words, they take a proactive approach to physical security by buying and installing IoT devices, but they take a dangerously reactive stance when it comes to managing those same devices.
In many cases, the reason these organizations purchased IoT devices in the first place is that they realized that otherwise, by the time they became aware of a security risk, that risk could have already caused harm. But with the line between physical security and cybersecurity getting increasingly blurred, organizations now need to understand the importance of proactively monitoring and maintaining their IoT devices.
The good news is that taking that kind of proactive stance does not need to be a cumbersome, time-consuming, or expensive process. Instead, you can bring the power, reliability, and efficiency of automation to the operational maintenance of IoT devices. Not only does this approach empower you to ensure that your IoT devices are running properly, consistently, and securely – but it allows you to do so with a minimal investment of time and resources.
Because ultimately, if you’re not properly keeping tabs on your IoT security devices, you never really know whether those devices are properly keeping tabs on your organization’s physical security.
How can SecuriThings Horizon help you take a more proactive and efficient approach to the operational management of your IoT security devices? For more on how our automated technology can enhance your organization’s physical security posture, check out our brochure.