How cybercriminals are Exploiting The IoT to Hack Big Business (and how you can protect yourself)

Cyber ransom demands hit the headlines last week with the hacking of the Colonial Pipeline software system. Days of gas shortages across the eastern seaboard of the United States hit home just how much our world depends on secure networks. Quite frankly, it’s surprising that the company could pay just $5 million to the cyber criminals to be given back access to their computer systems.

Although Colonial hasn’t yet said how the hackers managed to penetrate the network, experts suspect that a phishing email was the most likely entry point.

But these days, criminals don’t just have to rely on lax security protocols from staff members. The Internet of Things (IoT) now allows for a surprising number of potential points of failure in your company’s security systems.

For example, it was reported in 2018 that an unnamed land-based casino in the US was hacked, with the database of VIP players and their personal information downloaded and then disseminated on the dark web. How did the hackers gain access to the casino’s network? Surprisingly, the criminals first gained entry via a fish tank thermometer.

This will be surprising for many gambling fans, many of whom assume that playing at online operators such as Mr Green casino offers more risk of their personal details being hacked than at a land-based establishment. And yet, this example illustrates just how much of a threat an unsecured IoT network can be.

Many retail enterprises now place sensors around their stores, which can link up with our smartphones and then send us tailored offers about products and services. These kinds of smart services can be very tempting to sign up for, but the fish tank thermometer example shows the risks to consumers to falling victim to hackers who have successfully accessed IoT devices.

But certain applications of the Internet of Things are very difficult to avoid. Modern cars, for example, are all connected in some way to the internet. This can be simply how the automobile sends performance data back to the manufacturer, or the use of proximity sensors to ease parking. But semi-autonomous cars may take on-spot decisions to avoid accidents and reduce the load on the human driver.

And even domestic medical devices are increasingly hooked up to the internet. Modern baby monitors, cardiac pacemakers, blood pressure monitors and even humble smartwatches, with data hacks leading to problems such as privacy breaches, all the way up to deliberate sabotage by bad actors.

These days, it’s hard to avoid the IoT. So how can you protect yourself from potential hacks to this physical infrastructure?

For your own IoT-enabled devices such as wearables, and home appliances, make sure to set a password, wherever possible (and if not possible, ask yourself whether you need that particular device). Unique, hard-to-crack passwords should be stored on your password manager and changed regularly for each device. The use of a password manager can even be useful to change your secure passwords in the event of a third-party breach, as in the casino example above.

Many IoT devices are accessed via email accounts such as Gmail, which can prove to be a major vulnerability in its own right. Ensure that 2-stage authentication is turned on for your Gmail (or other email), and social accounts. That will go a long way to stopping your devices being successfully targeted by criminals, even if they do manage to find your password.

Finally, ensure that all software related to your devices is kept up to date. Patches are regularly released to fix software holes which cyber criminals use to access your device and data.

The Internet of Things is going nowhere, and it is hard to live our lives without coming into contact with this modern phenomenon. While hackers will inevitably target your devices, the steps above mitigate the risk, and should be adopted by all safety-conscious consumers.