The Internet of Things (IoT) refers to a massive web of interrelated computer devices that possess the ability to transfer data across networks because of the devices’ connection to the Internet. For example, if a company’s air conditioning unit can be controlled through an Internet-connected device such as a mobile phone or desktop, it belongs beneath the expansive arc of the IoT. It is important to note that all devices controlled through the Internet subscribe to a data-sharing system.
The phrase “Internet of Things” was coined in 1999 by Kevin Ashton of Procter & Gamble, and since then has sparked numerous technological advances across a variety of industries such as energy management, water distribution/consumption, food supply and agriculture.The analyst firm Gartner estimates the IoT will consist of 26 billion devices by 2020, and by that time the industry will be worth $300 billion.
While companies’ technological opportunities have greatly advanced since the introduction of the IoT, these companies’ susceptibilities to crippling external hacks have also greatly increased. Because of the expansive connectivity offered by the IoT, one simple hack could give perpetrators access to highly-sensitive data across a variety of platforms. For two large-scale North American companies, this daunting threat became a realization, and we have highlighted their stories below.
Case Study #1
In the summer of 2017, a group of hackers attempted to acquire data from a North American casino by gaining access to an Internet-connected fish tank, according to a report filed by cybersecurity firm Darktrace. The fish tank operated with sensors that regulated water temperature, food distribution and cleanliness, and these sensors were connected to a local computer.
“Somebody got into the fish tank and used it to move around into other areas (of the network) and send out data,” said Justin Fier, Darktrace’s director of cyber intelligence.
Though the identity of the casino was not disclosed within the report, it was later verified that 10GB of data were sent out to a remote device. Within this 10GB of data was the casino’s classified list of high-rollers.
The Washington Post reported that this incident was only one of nine unique threats mentioned in Darktrace’s 2017 annual report of innovative hacks. This report also mentioned hackers’ ability to acquire bitcoin, a digital form of currency, and former employees using their old login credentials to steal company data.
Case Study #2
Additionally, in December 2013, hackers infiltrated Target’s payment system network through initial access to the HVAC units (which were controlled through the Internet). It appeared that the hack occurred from an external vendor’s network access, as it is common for large retail operations to have an outside team monitor energy consumption and store temperatures to save on costs.
In this type of system, vendors are granted access to remote into the company’s system to resolve maintenance issues or troubleshoot software glitches. However, this type of system expands the area of susceptibility within a major company like Target. In this example, a hacker can easily access the external vendor’s WiFi network and then use this point of access to retrieve data from their major clients. Once the hackers gained access to Target’s HVAC units, they were able to quickly infiltrate the payment system network because of its connection to all other devices through the IoT.
Sources reported that in a two-week period, hackers succeeded in uploading card-stealing software to a small number of cash registers in various Target stores. In the next two weeks, the hackers pushed their malware into Target’s point-of-sale devices, allowing them to actively collect card records from live customer transactions.
Target released a statement that approximately 40 million debit and credit card accounts were exposed between Nov. 27 and Dec. 15, 2013.
While the IoT provides companies with unique opportunities to store and retrieve data, it also makes this data more vulnerable to infiltration. These case studies demonstrate the growing importance of multiple levels of Internet protection within a company’s software. NetLink Solutions recognizes these threats and actively combats them through image backups and three forms of data protection (file, local and offsite) to ensure your company’s data is safe and secure. In addition, our self-monitoring toolkit leverages monitoring and anti-virus software and provides full integration to allow your IT department to seamlessly escalate any service needs. Adopting these services will reinforce the power of your IT department, increase the efficiency of your business and keep your data safe.