SECURING CORPORATE IoT DEVICES: CHALLENGES, STRATEGIES, AND THE ROLE OF AI AND ML IN CYBERSECURITY

The rapid proliferation of IoT devices within corporate infrastructures has left organizations more vulnerable than ever to cyberattacks. It is essential to adopt a comprehensive approach that incorporates various techniques, tools, and emerging technologies, such as AI and ML, to effectively defend against these evolving threats. – Dr. Kevin Lynn McLaughlin, PhD 

As the Internet of Things (IoT) continues to grow and proliferate, it is increasingly clear that IoT devices pose a significant cybersecurity risk to organizations (Fazel et al., 2022). One of the primary challenges is that it can be difficult to get relevant cybersecurity alert data from these devices into a corporate Security Information and Event Management (SIEM) system. As a result, cyberattacks that target IoT devices are often not detected by the corporate Security Operations Center (SOC) in time for an effective response to be launched early in the attacker's kill chain. Many IoT devices cannot generate cybersecurity alert data in a format that a SIEM can readily consume. For example, some IoT devices provide only basic telemetry that carries no information about security events, which makes it hard to distinguish normal behavior from malicious or abnormal activity. In addition, many IoT devices are designed to operate independently and may be unable to communicate with a central monitoring system, making it difficult to detect anomalies and respond to threats in real time.

To address the challenges posed by integrating IoT devices into corporate infrastructure, organizations need to adopt a range of techniques, processes, and cybersecurity tools that prevent, monitor, and detect abnormal behavior by the IoT devices on their networks. A fundamental technique is network segmentation: dividing the corporate network into smaller, more manageable subnetworks. This limits the impact of a compromised IoT device, impedes an attacker's ability to move laterally within the network, and reduces the risk of data exfiltration. Organizations should also prioritize security controls at the device level, including disabling unused services and ports, keeping firmware and software updated, and configuring access controls so that only authorized personnel can reach the device. Additionally, network access control (NAC) technologies can enforce policies on which types of devices may connect to the corporate network and what level of access each is granted. Together, these measures significantly reduce the likelihood that unauthorized devices in conference rooms, break rooms, and employee offices end up connected to the corporate infrastructure without proper oversight, leaving organizations better equipped to safeguard their networks and valuable data from the ever-evolving threats targeting IoT devices.

Effective monitoring and detection of IoT devices on an organization's network should draw on the corporate cybersecurity Security Orchestration, Automation, and Response (SOAR) team. With that team's expertise, organizations can design and implement strategies and solutions tailored to detecting abnormal behavior originating from IoT devices, ultimately strengthening their cybersecurity posture. Many cybersecurity tools can help, including IoT device discovery and inventory tools, network traffic analysis tools, and endpoint detection and response (EDR) tools. Used effectively, they let organizations pinpoint IoT devices on the network, scrutinize network traffic for suspicious activity, and identify and respond to security incidents in real time. The SOAR team, working with the organization's Cybersecurity Architects and Cybersecurity Integration Engineers, plays a crucial role in optimizing the deployment and configuration of these tools so that they work in concert to provide comprehensive visibility and protection against threats targeting IoT devices.

Artificial intelligence (AI), machine learning (ML), and blockchain technologies (Yu, 2018; Dey, 2021) are also becoming increasingly indispensable in defending corporate IoT devices. These technologies augment the SOAR team's capabilities with advanced analytics and automation. For instance, ML algorithms can analyze network traffic and flag anomalies that may signify a cybersecurity threat. By incorporating these technologies into the organization's cybersecurity strategy, the SOAR team can more effectively identify and prioritize potential threats and focus its efforts on the most pressing concerns. Beyond improving threat detection, monitoring, and alerting, AI can automate incident response processes, allowing organizations to react more swiftly and efficiently to an attack. The SOAR team can use AI-driven automation to streamline workflows, reduce response times, and minimize the impact of security incidents on the organization's operations and reputation. The corporate cybersecurity SOAR team therefore plays a pivotal role in creating and implementing strategies for detecting abnormal behavior originating from IoT devices; by combining a diverse array of cybersecurity tools with AI and ML, it can significantly enhance the organization's ability to identify, monitor, and respond to the growing array of threats targeting IoT devices within the corporate infrastructure.
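Added here as an illustration, not code from the article or from any product it names: a Python sketch of the pipeline the two passages above imply, turning plain per-device counters (the "basic telemetry" most IoT devices expose) into SIEM-consumable alerts. It uses a per-device median/MAD modified z-score as a simple robust-statistics stand-in for the ML analytics mentioned, treats a device with no baseline as a finding in its own right, and emits each finding as a CEF line; the device names, counter values and CEF vendor/product fields are constructed.

```python
import statistics
from collections import defaultdict
METRICS = ("bytes_out", "dst_count")

# Constructed telemetry (not real device output): one counter record per device per
# 5-minute window. Windows 1-4 are the learning period; window 5 is the live window.
LEARN = {"cam-01": (12000, 12500, 11800, 12200), "sensor-07": (300, 320, 310, 290)}
TELEMETRY = [{"device": d, "window": w, "bytes_out": b, "dst_count": 1}
             for d, series in LEARN.items() for w, b in enumerate(series, 1)]
TELEMETRY += [{"device": "cam-01", "window": 5, "bytes_out": 480000, "dst_count": 14},
              {"device": "sensor-07", "window": 5, "bytes_out": 305, "dst_count": 1},
              {"device": "thermostat-99", "window": 5, "bytes_out": 900, "dst_count": 2}]

def build_baselines(records, learn_windows):
    """Per-device (median, MAD) of each metric over the learning windows."""
    samples = defaultdict(lambda: defaultdict(list))
    for r in records:
        if r["window"] in learn_windows:
            for m in METRICS:
                samples[r["device"]][m].append(r[m])
    def med_mad(vals):
        med = statistics.median(vals)
        # a constant counter gives MAD 0 (division by zero); floor it at 1
        return med, max(statistics.median(abs(v - med) for v in vals), 1.0)
    return {dev: {m: med_mad(v) for m, v in per.items()} for dev, per in samples.items()}

def modified_z(value, med, mad):  # robust z-score; |z| > 3.5 is the usual outlier cut-off
    return 0.6745 * (value - med) / mad

def find_anomalies(records, baselines, threshold=3.5):
    """Yield (record, reasons) for records that deviate from their device baseline."""
    for r in records:
        base = baselines.get(r["device"])
        if base is None:  # an unbaselined device is itself a finding, not noise
            yield r, ["no baseline for device"]
            continue
        reasons = [f"{m} {r[m]} (z {modified_z(r[m], *base[m]):.1f})" for m in METRICS
                   if abs(modified_z(r[m], *base[m])) > threshold]
        if reasons:
            yield r, reasons

def to_cef(record, reasons):  # one CEF line a SIEM can ingest; values contain no '=' or '|'
    sev = 9 if reasons == ["no baseline for device"] else 7
    return (f"CEF:0|Example|IoTBaseline|1.0|100|IoT telemetry anomaly|{sev}|"
            f"deviceExternalId={record['device']} msg={'; '.join(reasons)}")

if __name__ == "__main__":
    bases = build_baselines(TELEMETRY, range(1, 5))
    for rec, why in find_anomalies([r for r in TELEMETRY if r["window"] == 5], bases):
        print(to_cef(rec, why))
```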

In conclusion, the proliferation of IoT devices within corporate environments presents an array of complex cybersecurity challenges and leaves organizations increasingly vulnerable to cyberattacks. Countering these evolving threats requires a comprehensive approach (Forsström et al., 2018) that combines a diverse range of techniques, processes, and cybersecurity tools with emerging technologies such as AI and ML. By drawing on the expertise of the corporate cybersecurity SOAR team, Cybersecurity Architects, and Cybersecurity Integration Engineers, organizations can develop and implement tailored strategies to monitor, detect, and respond to abnormal behavior originating from IoT devices. This collaborative and multifaceted approach is crucial to safeguarding corporate networks and valuable data from the ever-growing threats targeting IoT devices. As I stated at the start of this article, "It is essential to adopt a comprehensive approach that incorporates various techniques, tools, and emerging technologies, such as AI and ML, to effectively defend against these evolving threats" (Zaman, 2021). By embracing this holistic strategy, organizations can significantly enhance their cybersecurity posture and mitigate the risks associated with integrating IoT devices into their corporate infrastructures.

References: 

Dey, A., Jara, A. J., & Al-Jaroodi, J. (2021). Blockchain-based security and privacy in Internet of Things: A survey. Journal of Network and Computer Applications, 173. https://doi.org/10.1016/j.jnca.2021.102837

Fazel, E., Shayan, A., & Mahmoudi Maymand, M. (2022). Designing a model for the usability of fog computing on the internet of things. Journal of Ambient Intelligence and Humanized Computing. https://doi.org/10.1007/s12652-021-03501-5  

S. Forsström, I. B., M. Eldefrawy, U. Jennehag, & M. Gidlund. (2018). Challenges of Securing the Industrial Internet of Things Value Chain. Workshop on Metrology for Industry 4.0 and IoT, Brescia, Italy.

Yu, Y. (2018). Blockchain-Based Solutions to Security and Privacy Issues in the Internet of Things. IEEE Wireless Communications, 25(6), 12-18. https://doi.org/10.1109/MWC.2017.1800116

Zaman, S. (2021). Security Threats and Artificial Intelligence Based Countermeasures for Internet of Things Networks: A Comprehensive Survey. IEEE Access, 9, 94668-94690. https://doi.org/10.1109/ACCESS.2021.3089681

ORCID – https://orcid.org/0009-0009-8367-5292

About mclaukl

Professional Certifications: Certified CISO, CISM, CISSP, PMP, ITIL Master Certified, GIAC Security Leadership Certificate (GSLC), CRISC. Kevin also holds Certificates in the Advanced Principles of Information Security and in Advanced Information Security Research Methods from Jones International University. Kevin L. McLaughlin began his career as a Special Agent for the Department of the Army, responsible for investigating felony crimes around the globe. He has had many careers over the years, including Police Officer in Kissimmee, Florida; Investigator for Mastercard/Visa; Middle School teacher; Director at Kennedy Space Center (where he worked with Fred Haise, James Lovell, Armstrong, Shepard, etc.); President of his own company; IT Manager and Senior Information Security Manager with the Procter & Gamble (P&G) company (Fortune 35); CISO at the University of Cincinnati; and Senior Information System Security Manager for the Whirlpool Corporation (Fortune 125). Kevin has also been an adjunct since 1992. While at P&G, Kevin created one of P&G's augmentation outsourcing teams in India; he designed and implemented this India team, which won a global Gold Service award from Atos-Origin and has acted as a model for countless corporate relationships since. Over the years Kevin has created an Information Security program, conducted Information Security strategic planning, designed Information Security solutions, investigated over 700 cyber cases, and operated a Global Security Operations Center.
Education: MS in Computer Science Education; BS in Management of Information Systems; PhD in Cyber Security, University of Fairfax.

1 Response to SECURING CORPORATE IoT DEVICES: CHALLENGES, STRATEGIES, AND THE ROLE OF AI AND ML IN CYBERSECURITY

  1. Artem Melnyk says:

    This article provides valuable insights into the challenges organizations face in securing their IoT devices and offers a comprehensive approach to mitigate cybersecurity risks. The importance of leveraging emerging technologies such as AI and ML to augment the capabilities of corporate cybersecurity teams is emphasized, highlighting the critical role that they play in defending against evolving threats.
