Research Spotlight: IoT Security in the Hotel Industry

IoT attacks can take many forms, and traditional cybersecurity tools often fail to detect the malicious activities IoT devices. To effectively identify and counter these threats, hotels and resorts must implement a dedicated IoT security solution that provides full visibility into all network-connected IoT devices. Endpoint protection platforms, intrusion detection and response systems, network segmentation, and firewall policies tend to have limitations in defending against IoT-focused attacks.

An IoT security solution that uses machine learning to detect vulnerabilities and suspicious activities, however, can ensure full and complete protection. The solution must run continuously, providing automated Zero Trust security and integrated workflows, and leverage edge computing to reduce latency and improve real-time analysis.

This article is excerpted with permission from the new research report IoT Security: Best Practices of Top-Performing Hotels and Resortsindependently produced by Starfleet Researchwith underwriting support from global cybersecurity leader Palo Alto Networks.

It’s important to note that cybersecurity solutions that are marketed as IoT security solutions generally lack native enforcement capabilities, requiring users to manually create security policies. This extends the time to value and limits the adoption of Zero Trust and integration with existing solutions. Without the ability to see and understand the context of IoT devices on a network, it becomes almost impossible to adequately protect them. In contrast, a state-of-the-art solution is designed to provide visibility into all IoT devices on the network, automatically assess risk, and offer robust protection against threats — both known and unknown.

Unknown IoT security threats are those that have not been seen before and are difficult to anticipate or protect against. Known IoT security threats, on the other hand, are those that have been identified, and there are established methods of protection. As one would expect, unknown threats are often more challenging to defend against because they exploit vulnerabilities that have not yet been discovered. For example, a hacker might create a malicious software program that is designed to infect devices and spread malware through a previously unknown security flaw. Until the vulnerability is discovered and patched, devices and data remain at risk. A zero-day threat, as it is known, exploits these types of previously unknown vulnerabilities.

Only by understanding the limitations of existing cybersecurity solutions in the context of IoT vulnerabilities and committing to radically improve visibility into all devices on a network can hotel IT staff move forward with implementing serious IoT security measures. Such measures must focus on deploying a purpose-built solution that can provide comprehensive visibility, surface unmanaged device data across the network, provide device risk analysis, and enable the enforcement of recommended device risk-based policies.

To be future-proof, the IoT security solution should also be built on a highly scalable cloud architecture and utilize the latest technologies such as virtualization and trusted IoT approaches. By doing so, hotels can protect their networks from both existing and emerging IoT-based threats, safeguard their valuable assets, and maintain their guests’ trust.

When it comes to maximizing success in IoT security for hotels and resorts, it’s important to consider not only the IoT security solution but also the responsibility for overseeing IoT security on a daily basis. In many cases, the IT department takes on this responsibility, and some hoteliers establish specialized cybersecurity teams within the IT department. Alternatively, new leadership positions may be created specifically for IoT security, although the overall responsibility typically lies with the chief information security officer (CISO) who develops and implements security strategies, establishes policies and procedures, and provides employee training on security best practices.

Considering the complexity of IoT devices and networks, it may seem advisable for large hotels handling sensitive data to create a dedicated IoT security team. However, with a fully-integrated and high-performance IoT solution, existing security and operations teams can typically secure all network-connected IoT devices without significant changes to current practices, policies, or procedures. Large hotels and resorts may utilize a security operations center (SOC) as a central location for monitoring and managing security events. An SOC acts as a primary point of contact for responding to security incidents and coordinates the response of security personnel, helping to minimize the impact of IoT security breaches. As the proliferation and adoption of IoT technology continue, the role of the SOC is expected to become increasingly important.

To effectively manage IoT security, it is also essential to have useful performance metrics in place to track progress over time. By employing these metrics on an ongoing basis and analyzing the data, hotels can identify trends, patterns, and areas for improvement. This enables them to make necessary changes and drive continuous performance improvement, even in the face of new threats that may emerge.

IoT Security: Best Practices of Top-Performing Hotels and Resorts is now available for complimentary download.

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

Leave a Comment

Your email address will not be published. Required fields are marked *