With that said, however, this interconnectedness has also made it easier than ever for hackers to gain access to computers and other systems. This vulnerability has already led to many elaborate thefts and schemes, some of which have included the very same venues mentioned above.
Casino’s Thermometer Targeted
UK cybersecurity firm Darktrace has been closely monitoring hacking activities, and recently published a report for the Wall Street Journal’s London CEO Council. CEO Nicole Eagen noted that there are many IoT devices out there, from, air conditioning and refrigeration systems to thermostats to Alexa and other AI assistants. This, she said, increases hackers’ ‘attack surface’, most of which is not guarded by traditional defence systems.
One memorable hacking scam involving IoT was carried out at an anonymous casino. Criminals were able to access this casino’s list of high roller clients by using a thermometer that was installed in the casino’s lobby to control its aquarium. Commenting on the crime, Eagen said that the attackers used the thermometer to break into the network, finding the high roller database and carrying it back through the network, into the thermostat, and finally into the cloud.
Stricter Security Is Essential
GCHQ professional from 2014-2017, Robert Hannigan, was also present on the WSJ panel. He confirmed the concerns that IoT is becoming a huge challenge for companies, saying that while it will produce thousands of new devices over the next few years, rising cybercrime levels are going to become increasingly problematic. Hannigan noted that he had recently seen a bank that was hacked using its CCTV cameras, which are ‘bought purely on cost’.
The security professional also added that better safety standards and stricter regulations are almost guaranteed to be required. According to him, this is one area where benchmarks for minimum-security standards will be needed, as the market will not simply ‘correct itself’. This, he said, is especially pertinent as these devices will still work once hacked, making security issues difficult to detect and particularly insidious because of this.