Internet of Things - A gateway to cybercrime

By Joe Vitale, VP, Treasury Management

Discover how to protect your business from cybersecurity threats that come with the expanding Internet of Things (IoT).

Have you seen the commercial for the Samsung Family Hub Refrigerator? The one where actor Dax Shepard calls real-life wife Kristen Bell asking if he needs to pick up anything from the grocery store? She replies she thinks they are out of eggs. He asks her to check the refrigerator, but she’s busy cooking so she asks him to check himself – which he does via his smartphone. I’m not making this up. Look it up online.

Smart appliances are just one example of the devices included in the ecosystem called the Internet of Things (IoT). IoT is a network of devices, physical or virtual, that connect to each other and collect and exchange data. Examples include home security systems, televisions, smartphones, appliances, printers and anything else connected to Wi-Fi or other remote access points. But IoT is not limited to consumer devices. Think about other systems connected to each other, including power grids, nuclear plants and water treatment facilities. What does this have to do with cybercrime? Well, everything actually.

There are a great deal of connected systems out there. According to Gartner Group, by the end of 2016, there will be an estimated 6.4 billion connected objects in use around the world. By 2025, that number will rise to 20.8 billion. The more systems are connected, the more information and data is passed between them.

Let’s break this down for a minute. Think about all the data on your smartphone. Not just your social media pages, pictures, email and text history, but your banking information and apps that retain personal data. How about other apps that allow you to stream videos, change the temperature in your home or watch your dog or child while you are at the office? What if someone was able to hack into all of those things at one time? Don’t think it can’t happen.

The potential threat is so concerning that the FBI issued a public service announcement alerting companies and the general public about the extra security concerns IoT causes. Quite a few businesses and consumers don’t think this information is valuable to criminals. But it is.

Here’s how something seemingly innocent can turn into a cyber attack. A hacker sees you eat a certain type of yogurt and sends you a downloadable coupon for that yogurt. Once you click on the coupon, it downloads malware on your PC or phone, and just like that, all of your information is compromised.

Other options for hackers? They can get into your security system at home or business and turn off the alarm when you are away, allowing them easy access to your items and information. Or they could turn off the power grid in your neighborhood or business park and demand $10,000 in bitcoin before turning the electricity back on.

So what does this mean for businesses? It means businesses must change the way they operate when it comes to their information. As new technologies and innovations are introduced and change the way we live and work, new threats are also being introduced what will cause more diligence and protection.

In March 2015, Ernst & Young released a report titled Cybersecurity and the Internet of Things. The report reviewed the rise of threats and challenges with IoT. As IoT expands our world, provides economic benefits, and makes life easier, it also has transformed the risk landscape. All business sectors and industries are impacted and in different ways.

There are, however, common practices all businesses can put in place to stay ahead:  

  • Design and implement a cyber threat strategy and incident response plan
  • Educate employees so everyone understands the need for strong governance, user controls and accountability
  • Know your environment inside and out
  • Learn and evolve with technology and innovation
  • Consider implementing a cyber threat intelligence team
  • Align cybersecurity to business objectives
  • Share and learn with and from other companies, including legal and regulatory partners

The next time you pick up your smartphone, use a wireless device at work or ask your spouse to check the refrigerator when you are shopping at the grocery store, remember where all that data is stored and where it goes. And that it’s all connected and potentially vulnerable.

It’s important to anticipate what can happen, adapt to the change that is happening, and act before it’s happened. Since all the data and devices are connected, so are all the users and businesses. We all play a role in protecting the IoT from hackers.