Last October’s IoT Hack: No Black Swan
Photo credit: Canva
Security breaches these days have become commonplace—almost daily occurrences. It’s a lamentable sign of the times. Still, even by today’s ho-hum standards, one in October of last year proved particularly worrisome.
As far as we know, hackers accessed traditionally less secure devices to cause massive outages. The culprits: DVRs and CCTV video cameras. It didn’t take long before hundreds of millions of people could not access key accounts on sites that included Twitter, Amazon, Tumblr, Reddit, Spotify, and Netflix.
Here’s a heatmap outlining the attacks:
The hacks seemed to confirm the worst fears of industry experts and Internet of Things’ (IoT) skeptics. These newfangled devices that hold oh-so-much promise can also serve as tremendous weapons for bad actors.
Think about it. Those with pernicious motives can get at our technology stalwarts (read: our e-mail accounts, laptops, and desktops). What’s to stop them from accessing our smartwatches, TVs, refrigerators, locks, and even cars?
Answer: Apparently not very much.
Legacy systems, in fact, weren’t designed to identify wireless communications protocols that modern smart devices use to share information.
The phrase wireless communications protocol (Bluetooth is an example here) isn’t terribly sexy but make no mistake: it’s a big deal, and you need not be a security guru to understand this. Moreover, it’s precisely these types of disconnects and mismatches that keep Chief Security Officers (CSOs) and CIOs up at nights. Collectively, these types of issues pose significant security risks to enterprises, especially those dabbling with IoT devices. What’s more, it surely deters many organizations from taking the plunge.
Brass tacks: organizations face an increasingly complex array of security issues in a BYOD world. (How simple do the 1990s look by comparison to today?) Adopting best practices such as two-factor authentication sure helps, but there’s no one elixir or magic wand that solves all enterprise security issues.
Still, we must march on. We cannot halt progress because some unscrupulous types wish to cause chaos. At a minimum, recent events underscore the need to establish standards.
If history is any guide, the IoT will never reach complete safety or security. Despite its considerable perils, though, the IoT also portends enormous opportunity—far too much to pass up.