Leaving Your Company’s Door Unlocked – How the Internet of Things is weakening cybersecurity
I still remember an old episode of The Jetsons, where Jane Jetson decides to call her mother. She announces to the room, “Call Mother!” and up pops her mother’s face on a video screen as the two begin a conversation. What was once so futuristic and utterly ridiculous when that first aired in the 1960s is now commonplace in American homes.
We enjoy our FaceTime chats, we ask our Amazon Echo to play Aerosmith or turn on the sprinklers, and we lock the front door from our smartphone, while we are physically miles away. While we’re not in flying cars yet (and I definitely could use a Rosey the Robot housekeeper), the automated vehicle is already on the roads. And the Internet of Things (IoT) is unfolding at an incredibly brisk pace—Business Insider estimates 24 billion IoT devices by 2020. But how are we protecting our businesses and privacy? Unlike the idyllic world of George, Jane and family, cyber threats abound in our version of the future.
You don’t have to look far to see another instance of a cyber attack. This election made history, not just because of the characteristics of the two presidential candidates but because of the email hackings, leaks, and even concern that Vladimir Putin/Russia disrupted the outcome of our votes. And, of course, the October DDOS attack on Dyn – which used a botnet of IoT gadgets – disrupted many major websites, including Twitter, Spotify, PayPal and others.
While the news was seen as shocking by some, the industry wasn’t that surprised. After all, devices are notoriously insecure: open admin controls, default passwords and a lack of updates to name a few.
Scarier still is the notion that the villain behind the October attack likely wasn’t Putin or the intelligence outfit of some hostile enemy, but rather the punchline of a prank carried out by amateurs. As more and more of these “smart” gadgets make their way into our lives – everything from toasters, pressure sensors, alarm clocks and cars – we’re inching ever closer to a tipping point.
Aside from the annoyance of being locked out of your Twitter account, the real danger in these attacks lies in the possibility of massive data breaches for companies of all sizes, as well as espionage and access to infrastructure (like the hack of Ukraine’s electrical grid last December). As Kansas City ramps up its own Smart City initiative, my company was proud to be a part of that planning and ensuring security is top of mind as we move forward.
Patching the Holes
The Online Trust Association recently claimed that all of these types of attacks can easily be avoided, especially if the group’s IoT Trust Framework principles were followed. While most experts agree these principles would correct most of the issues with IoT devices, the reality is different. Manufacturers are rarely experts in security and new protocols easily cut into profits, often making them unrealistic.
While we all know security is never 100-percent effective, that doesn’t mean we can’t make the locks a little harder to pick. The first step? Awareness by the general public. The 2015 State of the Smart Home Report from icontrol found that 44 percent of Americans felt “very concerned” about the privacy of their information being stolen from a smart home device (and 27 percent felt “somewhat concerned”). That kind of rising public perception can be a powerful change agent for manufacturers.
Companies are also woefully behind on beefing up their own security. While the AT&T Cybersecurity Insights Report found that 85 percent of companies are starting to use IoT devices in their business, only 10 percent believed those devices were secure. And true security really goes beyond just locking down the devices themselves; it’s also about building security into the company’s software and networks that are connected to those gadgets. After all, one weak link and the chain of enterprise infrastructure is no good.
As a business community, we simply can’t wait until something catastrophic happens; the time to address cybersecurity is upon us. I encourage every business to build a team of trusted partners, both internal and external advisors, to stay abreast of new tech developments and changing legislation. Traditional and emerging access points to systems and data threaten every organization, and any compromise to security and privacy can cost you customers, destroy your brand and cause significant financial impact.
Rosey the Robot was safe in her world, but is your business safe in ours?
Jeanette Prenger is president and CEO of ECCO Select, a leading provider of technology talent and solutions for clients around the United States. ECCO Select can help you build and sustain a healthy security program, while reducing the risk and protecting your organization’s privacy. Learn more atwww.eccoselect.com, or let her know your thoughts on the Facebook page or on Twitter@ECCOSelectCORP.