During the annual Wall Street Journal CEO Council conference earlier this month, experts revealed how Internet of Things (IoT) technology is seriously compromising our cyber security.
To emphasise just how vulnerable we are to Internet of Things attacks, Nicole Eagan, the CEO of cyber security firm, Darktrace provided a particularly shocking example. Eagan described how hackers were able to lift the high-roller database of a major casino using something as innocuous as a fish tank thermometer.
She explained to the incredulous audience that the hackers were able to gain a foothold in the casino’s information via the thermostat because, like many electronic devices these days, it was connected to the venue’s communications network. Once they had gained entry to the network, the hackers were able to track down the confidential data and upload it to the cloud.
The thermostat in Eagan’s anecdote is an example of an Internet of Things device; in other words, it is a device that is connected to the Internet. This connection to the Internet is what turned the otherwise harmless item into a critical weak spot in the casino’s security system.
What makes this an even greater challenge is the fact that so many modern devices are, in fact, part of the Internet of Things. In the domestic sphere includes smartphones and computers, plus household appliances like air conditioners, refrigerators, and entertainment systems, whilst large-scale structures like power plants and satellite telecommunications networks are also all connect. Eagan explained that the proliferation of IoT devices has greatly expanded the attack surface for cyber criminals and that most this cannot be defended by traditional means.
Former head of the British government's digital-spying agency, Government Communications Headquarters, Robert Hannigan agreed with Eagan about the increasing danger posed by the growing IoT. Hannigan explained that the problem would intensify over the coming years as more and more internet-enabled devices become commonplace.
According to Hannigan, the capacity of existing security systems to manage the threat posed by Internet of Things hackers is woefully inadequate. He therefore used the panel discussion to call for greater mandatory regulation of cyber safety standards.
Citing an example of a bank that was hacked via its own CCTV cameras, Hannigan advised his audience that the problem would not correct itself. He thus insisted that the regulation of minimum security standards is urgently required. Hannigan added that the real challenge is that hacked devices continue to work even when they have been compromised, making it extremely difficult to detect IoT breaches.