The Internet of Things (IoT) is hot. From light bulbs to refrigerators to smart TVs, companies are under tremendous pressure to get new IoT devices to market and consumers are instantly snapping them up. In fact, the number of devices that are or will shortly be connected to the Internet is rising rapidly. According to Gartner, by 2020 there will be more than 26 billion IoT devices in operation. Enterprises, in particular, are looking for new ways to drive efficiency and achieve significant cost savings by connecting large-scale industrial items, such as building management and security systems to “smart” Internet-connected platforms. This variation of the IoT is known as the Industrial Internet of Things, or IIoT. In the coming year, the enterprise—from its people, to its devices, to its physical infrastructure—will become more connected than ever before.
In examining the risks associated with the Internet of Things, CYREN decided to evaluate what IIoT really means to the enterprise from a cybersecurity perspective. Industrial-scale Cybercrime In 2013, cybersecurity experts hacked into the Sydney, Australia Google offices via the Tridium (Honeywell) building-management system. In this hack, the experts were able to view floor and roofing plans, alarm systems, equipment schedules, and piping plans. In addition to gaining access to building schematics, the security experts found that they were able to override the system controls for the building automation system, as well as gain access to any other system that ran on this same Internet-connected network. While they didn’t intentionally breach other systems, the opportunity was clearly there.
As more and more corporations move to sustainable, smart, energy efficient buildings, industrial control systems (ICS) are just one of the many avenues that CYREN believes cybercriminals will begin to employ in the coming months. Corporate systems, such as building access swipe card systems or video surveillance systems, if not properly secured will present an ideal threat vector for the ambitious cybercriminal looking to make a few million (or billion) dollars over the course of a day or two.
Understanding the risk associated with IoT, in particular “Industrial IoT”, will be key to protecting the enterprise in the coming years. Let’s face it, the break-room smart fridge probably will not have the capacity to support an advance persistent threat, but the buildingwide system that’s connected via the network to the same IT infrastructure that houses the corporation’s database of employee social security numbers will definitely have the capacity to host and launch a significant APT against that corporation. To read more about the impact of the Internet of Things on cybersecurity, download a copy of CYREN‘s Cyber Threats Yearbook.