The unique security risk of IoT/OT devices

The increasingly connected world has enabled organizations to benefit from digital transformation, while creating new opportunities for threat actors to forge a multi-billion-dollar cybercrime industry.

What’s the difference between IoT and OT?

The Internet of Things (IoT) refers to a growing network of physical objects (“things”) that possess the sensors, software, and other technologies necessary to connect and exchange data with other devices on the internet. These devices can be medical equipment, embedded systems, sensors, printers, or any smart household or handheld device.

On the other hand, operational technology (OT) defines a specific category of hardware and software designed to monitor and control the performance of physical processes, devices, and infrastructure. In essence, OT is hardware or software that can operate independently of internet connectivity. Examples of these kinds of devices include industrial machinery, robotic arms, turbines, centrifuges, air conditioning systems, and more.

The convergence of the IT world’s laptops, web applications, and hybrid workspaces with the OT world’s factory and facility-bound control systems brings significant risks. Through greater connectivity, attackers can now “jump” air gaps between formerly physically isolated systems.

Similarly, IoT devices like cameras and smart conference rooms can become risk catalysts by creating novel entryways into workspaces and other IT systems.

In terms of impact, a threat actor who infiltrates an IT network can gain access to critical OT. The implications of this are wide-reaching, from hefty financial losses for the organization and the theft of foundational IP, to onsite safety concerns where uncontrolled operational technology can affect human lives.

Attacks against remote management devices are on the rise

The Microsoft Threat Intelligence Center (MSTIC) observed a variety of IoT/OT attack types through its sensor network. The most prevalent attacks were against remote monitoring and management devices, attacks via the web, and attacks on databases (brute forcing or exploits).

If not secured correctly, an exposed IoT device can be used as a pivot point into another layer of the enterprise network, because unauthorized users can remotely access its ports.
