As software-based defenses have gotten better, some attackers have turned their attention to physical security to gain access. IoT devices can sometimes be relatively easy to access, especially if they're in remote or unmonitored locations.
Of course, the physical security layer is fundamental in all cyber security. But with data centers and office space locked behind closed doors, physical security is often assumed to be inherently strong. With many IoT devices deployed in the field, businesses can't take the physical layer security for granted.
A breach of the physical IoT security layer could allow malicious attackers to gather information about an IoT device itself, copy any data about or gathered by the device, and even change its programming. Physical access to IoT devices could enable side-channel analysis, settings resets, physical tampering, optical or electromagnetic fault injection, and other attacks. Ultimately, a compromised IoT device can be used to access other parts of the network.
Physical security threats also go beyond cyber security attacks. IoT devices are vulnerable to theft and damage from leaks, flooding, natural disasters, fire, electrical surges, overheating, accidents, vandalism and other causes.
Another challenge is overcoming faulty assumptions in your organization about who is responsible for IoT security. Cooperation between the physical security team, the cyber security team, and even property and ops teams is essential to ensuring IoT devices are physically secure.