Enterprise IoT and the Dangers of the Connected Fish Tank
It’s easy to laugh at the Internet of Things’ more unusual manifestations but the security risks created by ubiquitous connectivity must be taken seriously.
Today’s software factories run on connectivity. As a matter of fact, many of today’s actual factories run on connectivity, with more and more industrial machinery getting plugged in to the internet. The point is, in this age of mobility, cloud and the Internet of Things (IoT), every type of organization has a multiplicity of digital connections to the outside world. And this can lead to security vulnerabilities in some unexpected places.
The Connected Software Factory
The ability to quickly produce high-quality software has become a key differentiator for enterprises across sectors. In today’s business world, software is at the center of everything. But software’s centrality is enabled by connectivity. The software that powers computers, phones, tablets and an increasing number of other devices depends on connectivity—to wireless networks, the Web, cloud services, other devices and beyond.
Today’s software-driven enterprise is therefore also a connected enterprise, by necessity. The ongoing explosion of connectivity, which was accelerated by the introduction of smartphones and is being sent sky-high by the arrival of IoT, is creating a myriad of new business opportunities. You could even say that every new connection brings a new opportunity. But every new connection also brings risk.
Sharks in the Connected Fish Tank
Take, for example, the story of a casino that recently suffered a cybersecurity breech, which started at its connected fish tank. The hackers accessed the casino’s network via the fish tank and were then able to scan the rest of system to discover other vulnerabilities in more significant areas. The attack was shut down before the hackers could exploit these vulnerabilities, but the lesson should be clear.
The security risks inherent in IoT aren’t exactly news. We’ve heard a lot over the last few years about the dangers of hackable connected cars and the role IoT devices have played in ransomware attacks on healthcare facilities. It’s tempting to see these as isolated cases—situations where connectivity is both highly valuable and the stakes of security problems are particularly high. But in the age of ubiquitous connectivity, nothing is isolated.
It may be tempting to have a chuckle about the connected fish tank story and other news reports about IoT hacks targeting surprising or seemingly downright silly connected devices. But when it comes to IoT, any distinction between “silly” and “serious” is unhelpful because even the most unassuming connected device can act as a portal through which hackers might enter to target critical systems.
Securing Every Connection
Much of the recent publicity around IoT security has focused on the role of IoT devices in botnet-driven DDoS attacks. In a sense, the risk posed by seemingly-insignificant devices acting as portals for cyberattacks represents the other side of the same coin. On both sides, serious risk results from the sheer number of connected devices and the difficulty of making sure all these connections are adequately secured.
In this context, enterprises need to make sure they have centralized ways to simplify the management of large numbers of connected devices. Because even if your organization doesn’t have an IoT play the reality of ubiquitous connectivity is something you won’t be able to avoid for long. These days, everything is built for connectivity and connectivity requires strong, smart security. Definitely something to think about when you’re picking out your next fish tank.