An unnamed North American casino had its high-roller database stolen. An interesting but not uncommon story in the modern world of cybersecurity. Let’s ratchet the quirkiness up a notch; the hackers breached the network through a networked thermostat in a fish tank located in the Casino’s lobby. This latest hack calls back into question the inherent insecurity associated with the drastic increase in Internet-connected devices.
The statistics are staggering. The IoT industry is holding steady at 19.2% compound annual growth. IoT usage in industrial manufacturing is expected to reach nearly one trillion dollars by 2020. The number of IoT devices currently in use is estimated at thirty-one billion. That number is expected to rise to over seventy-five billion by 2025.
These connected devices drastically expand the attack surface, and unlike traditional networked devices, security is often an afterthought if addressed at all. Thermostats, refrigerators, light bulbs, smart speakers, picture frames…these single or narrow-use devices are churned out at competitive prices, and if we’ve learned anything over the last decade it’s that security is hard.
Robert Hannigan ran the British government’s digital-spying agency, Government Communications Headquarters, from 2014 to 2017 and recently spoke at the WSJ CEO Council Conference in London, “With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem… I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost.”
Calling for stronger regulations, he added, “It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself,” he said. “The problem is these devices still work — the fish tank or the CCTV camera still work.”