We often think of cyber threats in the abstract. As something invisible and unknowable but with so much of our lives are now centred on devices. These devices exert control over our many aspects of our daily lives some of which we do not even realise.
This makes the cyber threats of the future all too real.
So we wanted to take some time to consider how cyber threats can impact our daily lives.
Hacking Our Utilities
In a worrying case from the United States hackers in Florida broke into the computer system of a facility that treats water for about 15,000 people and sought to add a dangerous level of additive to the water supply. This issue was discovered in time due to the safety measures they had in place but it is easy to imagine how something like this could slip through the net.
Hacking Our Commute
Another way hackers could impact the safety of our daily activities was demonstrated last year in the Netherlands where found a way to disrupt traffic signals. They managed to spoof non-existent bicycles approaching tricking the traffic system into giving those bicycles a green light and showing a red light to any other vehicles
This simple technique has the potential to cause widespread travel disruption if intelligent transport systems are implemented at a larger scale. It also demonstrates that these safety mechanisms which allow us to feel safe while we travel on the roads could all too easily fall victim to a cyber attack.
Hacking Our Health
Perhaps the most worrying and widespread of these threats is how cyber criminals are directly impacting the safety of human life is via medical devices.
Last year the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued several warnings tied to connected drug pumps alone. Vulnerabilities could be exploited to launch a DDoS attack, alter system configurations or even steal patient data. Researchers have also found that implantable cardiac devices such as pacemakers and defibrillators had vulnerabilities that could allow hackers to remotely access devices.
Experts believe the security of medical devices will become a consistent problem. Healthcare is an area where resources are stretched thin and they have been driven further by the effects of COVID. Healthcare facilities have been forced to make tough decisions in order to focus on the emergency care of patients which mean that cyber security falls down the list of priorities.
Unfortunately this is a vulnerability unscrupulous hackers are more than happy to exploit. They are capitalising on this with an onslaught of ransomware and phishing. One such attack postponed an emergency operation at a German hospital.
The situation is exacerbated by the fact that hospital equipment runs old or proprietary operating systems that cannot be easily updated or patched. Unlike personal devices these are complex and expensive pieces of equipment which need to run for 10 years or more. The average hospital uses about 17 connected devices per bed. A study by Ordr found that 51% of IT teams do not even know what types of devices are touching their network. They even found applications like Facebook and YouTube applications running on MRI machines.
These issues are frightening in their own right but they also draw attention to how we use connected devices across all lines of business and even out personal lives.
Protecting Yourself and Your Business
By 2025 there will be more than 30 billion devices connected to the internet of things. This equates to almost 4 devices per person on average.
There are few steps you can take to protect against these threats
• Compartmentalize devices to minimize attack surfaces
• Add security software, containers, and devices to “digitally fence” network and devices
• Do not integrate devices into your network with default passwords and other known vulnerabilities
• Encrypt IoT communications, especially for data in transit
• Continually audit and use real time analytics (including predictive analytics)
And the basics are more important than ever.
• Firewalls
• Patches
• Implement security awareness training for all employees
At JMP we can help you to think outside the box when it comes to cyber risks. Get in touch for an informal chat about your cyber risks including those you haven’t thought about yet.
Sources:
https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-poisoning-sheriff-says-idUSKBN2A82FV/
https://www.wired.com/story/hacking-traffic-lights-netherlands/
https://www.securitymagazine.com/articles/94381-healthcare-security-challenge-how-cyberattacks-are-evolving /
https://www.forbes.com/sites/chuckbrooks/2021/02/07/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things/?sh=3fb6601c5d50/