The General Manager, Security at Dimension Data’s Group, Neil Campbell shares his concerns and views about the state of IT security in the age of Internet of Things.
Recently, Fiat Chrysler Automobile (FCA) announced that it would recall 1.4 million vehicles in the US to install software that would prevent hackers obtaining control of the engine remotely, including the steering wheel and other systems in cars. The successful breach allowed hackers to take control of Chrysler’s systems, and they were able to take control of a Jeep.
The hack indicates two things. Firstly, the Internet of Things is going to create – and indeed has already created – far more opportunities for hackers to both invade privacy and, in cases like this, escalate the risk from damage to ‘soft’ targets, such as reputation and revenue, to actions that place human lives at risk.
Secondly, many well established industries that have not yet had to deal with IT security as a serious threat will be massively under invested in IT security technologies, services and processes.
Campbell predicts we’ll see many more examples like the Jeep incident, as those industries come under both inspection by the IT security research community, as well as attack by the cybercrime community.
“With the IoT trend driving innovation and connectivity within their product or service range, industries that are running up against these kind of exposures for the first time will need to engage more closely with industry bodies and IT security services providers in order to come to grips with the risks they’re facing.
“What’s more interesting is that we’re seeing end-users becoming popular cybercrime targets. That’s because workers are becoming more accustomed to having real-time access to corporate data, and as a result are also becoming targets of criminals who can then access everything that their victim can and even take control of that person’s identity.”
Campbell’s advice to organisations is to continually monitor their IT infrastructure and the IT security industry – not only for threats, but for new approaches to managing threats. In addition, organisations need to recognise that people can be both their strongest and the weakest link when it comes to IT security.