The modern world is filling up with the Internet of Things (IoT). From baby webcams that stream images of your sleeping child onto your phone while you’re away, to internet-linked fridges that can order food for you online – more and more mundane objects are becoming part of IoT. While this means that our smart appliances can assist us in our day-to-day living, it also means that we are online in ways that we cannot perceive. This can lead to cyber-criminals exploiting any ‘in’ to access our online data.
In one curious case, a prominent American casino was hacked in July 2018. Hackers were alleged to have bypassed the casino’s cybersecurity systems by exploiting an unmonitored access point into the system. The guilty unsecured access point was… a fish tank! The thermostat used to regulate the temperature of the casino’s decorative fish tank had an unsecured Wi-Fi connection to the rest of the casino’s network, and this connection allowed hackers to access and move to other segments of the network to obtain the more important data they were seeking.
It seems comical that such a simple item could compromise an entire security network, but these kinds of oversights are not uncommon. Other victims include a bank who had bought unsecured, Wi-Fi enabled security cameras that did not have come with any sort of firewall installed into their networking capabilities. There are even children’s toys that allow apps to be downloaded onto networked devices without providing any firewall capability.
The danger for business lies in forgetting to double check if these small objects provide an unsecured entryway into your IT system when installed. Employees might download apps on their work phones or laptops that may connect them to their smart homes or baby monitors, allowing hackers to access a company’s IT system from a completely random access point. Likewise, anything and everything from coffee makers to thermostats should be firewall tested if they are to be connected to the company’s network.
The Internet of Things is so ubiquitous nowadays – we take for granted that smart software like Siri and Alexa can ‘do’ things for us at our request and, sometimes, without us even asking. Understanding your IT, your installed hardware and your network as a whole will help plug up any unsecured holes in your IT security. Ultimately, we will embrace this smart technology but we must do so with caution and common sense.