


How to Defend Against Cyberattacks via IoT Devices

IoT devices are beneficial to facility operations, but they also are a potential vector for cyberattacks

April 10, 2025


By Jeff Wardon, Jr., Assistant Editor


The Internet-of-Things (IoT) is a boon to facilities management, as it can help gather data and streamline many different processes throughout the built environment. It does this by being connected to the internet and creating an interconnected web of devices that are on the same network. However, that network connection can end up being compromised in a cyberattack, and a facility’s IoT devices can be entangled in that mess. 

IoT attacks rose 124 percent in 2024, according to SonicWall’s 2025 Cyber Threat Report. This is attributed to attackers taking note of the weak defenses of connected devices, especially those used in government and critical infrastructure.  

Securing all the devices has been a notable challenge for some time given the wide array of manufactured IoT tech, according to Steve Ross, director of cybersecurity, Americas at S-RM. Adding to that difficulty is the fact that threat actors (i.e., cybercriminals) can scan for unsecured devices. 

“The growing relevance of IoT devices represents a host of vulnerabilities, increasing the points of connectivity that offer additional vectors for threat actors to gain access,” says Ross. “We’re no longer seeing air gapping on those technologies as effective, and we’re also seeing threat actors become more sophisticated.” 


There’s also a fragmentation across the threat actor landscape leading to more unique threat actors and groups, Ross says. With more threat actors in this arena, he is expecting to see a correlating increase in cyberattacks.  

Identifying threats and playing defense 

It is key that managers know the indicators of compromise (IOCs) in order to identify and respond to cyber threats. According to Ross, IOCs refer to very specific forensic data, such as logs or alerts, that provide evidence of unauthorized access.

“So, from this perspective, we always encourage organizations to deploy top-tier Endpoint Detection and Response (EDR) tooling and to monitor their environment,” says Ross.  “Teams should be well equipped to handle alerts, investigate false positives and escalate concerns in a timely manner. If an organization cannot afford to do this in-house, they should consider engaging an outside service provider for support.” 

From there, he says the first challenge is figuring out what the threat actors are trying to accomplish. Usually, they’re trying to shut down business operations and/or steal key data. The first IOCs will typically be the threat actors attempting to disable EDR and data loss prevention (DLP) tools and delete backups.   
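The early indicators Ross describes can be checked for in host logs. The sketch below is an added example, not part of the original article or anything supplied by Ross: it scans constructed process-creation log lines for attempts to stop a security agent or delete backups, and escalates when both occur on one host within a short window. The log format, host names, agent service names, 30-minute window and the focus on Windows hosts are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation log lines: timestamp | host | command line.
# Host names and agent service names are hypothetical placeholders.
SAMPLE_LOG = """\
2025-04-10T02:14:05 | bms-srv01 | sc stop ExampleEDRAgent
2025-04-10T02:15:40 | bms-srv01 | vssadmin delete shadows /all /quiet
2025-04-10T02:16:02 | hvac-ws07 | ping 10.0.0.1
2025-04-10T09:30:00 | hvac-ws07 | net stop ExampleDLPAgent
2025-04-10T18:45:00 | hvac-ws07 | wbadmin delete catalog -quiet
"""
PROTECTED_SERVICES = ("exampleedragent", "exampledlpagent")  # assumed names
STOP_VERB = re.compile(r"^(sc(\.exe)?\s+(stop|delete|config)|net1?(\.exe)?\s+stop|taskkill)\b", re.I)
BACKUP_DELETE = re.compile(r"^(vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete)\b", re.I)
WINDOW = timedelta(minutes=30)  # assumed correlation window

def classify(cmd):
    """Map a command line to one of the two early-IOC classes, or None."""
    if STOP_VERB.search(cmd) and any(s in cmd.lower() for s in PROTECTED_SERVICES):
        return "security_tool_tamper"
    if BACKUP_DELETE.search(cmd):
        return "backup_deletion"
    return None

def triage(log):
    """Return {host: 'escalate' | 'investigate'} for hosts with IOC hits."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) != 3:
            continue  # malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        kind = classify(parts[2])
        if kind:
            hits[parts[1]][kind].append(ts)
    report = {}
    for host, by_kind in hits.items():
        # Both IOC classes close together on one host is the pattern to escalate.
        paired = any(abs(b - t) <= WINDOW
                     for t in by_kind["security_tool_tamper"]
                     for b in by_kind["backup_deletion"])
        report[host] = "escalate" if paired else "investigate"
    return report
```

A single hit is left at "investigate" because administrators also stop services and prune backups legitimately; the pairing on one host is what raises the priority.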

EDR bypass techniques are gaining traction, meaning organizations, facility managers and chief information security officers must prioritize a few key investments that help address the risks. This helps build what Ross calls “defense-in-depth.” 

First, he says organizations must prioritize basic cyber hygiene through effective security patching, vulnerability management and asset management. Second, organizations need to undertake incident response planning and business continuity planning, and ensure that they have immutable data backups. Lastly, he says robust identity and access controls such as virtual private networks (VPNs), multi-factor authentication (MFA) and single sign-on solutions are a must for cyber defenses.

“The goal is to make sure the bad guys can’t get in; but if they get in, you’re stopping them; and if you didn’t stop them, they still can’t get access to the crown jewels, and even if they do you can rebuild,” says Ross. 

Jeff Wardon, Jr., is the assistant editor of the facilities market. 
