The Vulnerability of Everything

The Vulnerability of EverythingBusinesses are now facing cyber threats via vectors,which just a few short years ago would have seemed like something out of a Hollywood science fiction movie. When you plug into the world, it’s easy to forget the world is also plugged into YOU.

Risk Management, in a business context, is defined as the forecasting and evaluation of financial risks, together with the identification of procedures to avoid, or minimize their impact. But how can 'management' be made to understand, manage, and mitigate today's cyber risks?

Unfortunately, outside of the IT department, most managers simply don’t understand, (or don’t want to understand), the very real-risks posed by cyber-threats. And IT managers often don’t have the influence required to force through much needed changes, in both corporate thinking, and corporate spending, on cyber security.

Recently, 40% of the population in South Korea had their personal details stolen. How bad do things have to get, before people sit up and take notice?

By 2020, there will be more than 50 billion devices connected to the internet, and one million new devices are being connected every three hours. In the world of the Internet of Everything, we are faced with smart phones and tablet computers which can bypass an organization's firewall, if the office network is not setup securely.

In the office, more and more smart 'connected' devices are being installed, often without any planning, resulting in office printers, fax machines, telephones, video surveillance, web cams, and copiers, which can be leveraged to both spy inside the office network, as well as attack third-parties outside the office network.

Examples of such attacks, range from the almost comical discovery that a Samsung refrigerator, which was compromised, and had become part of a spam bot-net that had sent out more than three-quarters-of-a-million spam emails, before the breach was discovered. More sinister examples invlude IP Teleconference Phones being hacked to spy on organizations’ board meetings, and far worse than that, hacked webcams (and even baby monitors) used to spy on people (and their children) in their homes.

One of the largest recent successful cyber-attacks, on the retail sector, is believed to have been made possible by a security breach of the victim’s Heating and Ventilation systems. Researchers have since discovered over 55,000 such HVAC systems connected to the internet, and have noted that in most cases, these systems contain basic security flaws. Not to mention the fact that, "the security at such companies tended to be poor, and that vendors often used the same password across multiple customers."

Once hackers find your devices, many can be compromised just by logging in using ADMIN / 123456.

The SHODAN search engine for internet devices, has been called, “the scariest search engine on the Internet,” by CNN. The engine itself advertises that it can help you find exposed online devices, including, “Webcams, Routers, Power Plants, iPhones, Wind Turbines, Refrigerators, and VoIP Phones.” Forbes calls SHODAN, “terrifying.” The system collects information on more than 500 million internet-connected devices and services each month.

Medical equipment such as surgical and anesthesia devices, pacemakers, insulin pumps, and lab analysis tools, can all be hacked.