Hackers! This Is Why We Can’t Have Nice Things

Featured article by Andre Smith, Internet Marketing and E-Commerce specialist

When the history of internet memes is written, one of the top ten entries will surely be “This Is Why We Can’t Have Nice Things”. This catchphrase is used in response to a topic thread that has deviated from its original purpose. The popularity of this catchphrase is borne out by how much it has spread into popular culture, particularly in the world of internet-connected devices that started out with the promise of facilitating great productivity gains, but that are now seeing those gains reduced by hackers and cyberthieves who are exploiting the vulnerabilities of those devices.

A 2016 analysis by internet security company, Forescout Technologies, suggests that by 2018, two-thirds of all organizations that utilize Internet of Things (“IoT”) technologies will experience security breaches through those devices. Many of those devices utilize out-of-date firmware or lack even basic internet security protections. Hackers can breach an IoT device with minimal effort and cause problems that can take weeks to remediate. In one of the more recent high-profile IoT attacks, the managed services company, Dyn, was hit with a distributed denial-of-service (“DDoS”) attack that originated with IoT devices and succeeded in knocking out services to a number of the company’s noteworthy clients.

The Dyn attack experience shows that IoT threats are not limited to individuals who might install smart-home devices or digital assistants in their residences. Enterprises are exposed to equal or greater risks through their utilization of IP-connected security systems and infrastructure controls, smart video conferencing technology, internet-enabled printers, smart light bulbs, and VoIP phone networks. The security firm, CyberX, for example, discovered that the PC microphones of several Eastern European government officials had been hijacked, giving hackers access to prominent confidential information.

Forescout’s analysis shows in even greater detail how a simple device such as an internet-connected thermostat can be the starting point of significant cybersecurity problems. If the thermostat is on the same network as an enterprise’s other operations, hackers can exploit the thermostat’s weak security to access that network to steal data, gain greater network privileges, and escalate their attacks to deeper network levels. On a more malicious level, hackers can assert control over the thermostat to force server rooms to overheat, possibly damaging critical network systems.

The vulnerabilities of IoT devices and the likelihood of continued attacks pose a challenge to every enterprise. Few, if any, enterprises will adopt the stance of a Luddite who disavows the use of any of the “nice things” that are made possible by new technologies. Fewer still will want to sit back and accept cyberattacks as they come. In order to use those nice things with an elevated sense of security, enterprises will need to step up their cybersecurity game.

Most cybersecurity experts recommend a multifaceted approach to protecting enterprise networks that includes making an inventory of IoT devices that may be vulnerable to attacks, ramping up internal enterprise security systems to defend against the most current hacking strategies (including ransomware and DDoS attacks), and educating employees to maintain their awareness of how their actions can threaten network security.

Lastly, all enterprises need to understand that regardless of the defenses that they might erect, the omnipresent cybersecurity risks of successful attacks cannot be completely eliminated. A successful attack can expose an enterprise to significant direct and third-party losses that can wipe out profits and threaten the very existence of the organization. Cyberliability insurance is the final line of defense that can protect your company’s profits by providing a source of reimbursement for those losses. That insurance is a necessary part of keeping the interconnected nice things in your enterprise.

Andre Smith is an Internet, Marketing and E-Commerce specialist with several years of experience in the industry. He has watched as the world of online business has grown and adapted to new technologies, and he has made it his mission to help keep businesses informed and up to date.