As ways of breaking into casinos go, a fish tank is an unusual route. Yet that is what was used in an unnamed American gambling house in 2017. It had invested in a internet-connected tank in which the temperature and salinity of the water were remotely controlled.
Its owners were not naive: when they installed it, they isolated its controls on their own specific part of their company network, away from all their sensitive systems.
It made no difference. The data attackers broke into the tank’s systems, which they used it as a stepping stone for the rest of the casino’s networks. Then they made off with a 10GB trawl data.
Data security is already hard. Everyone from the central bank of Bangladesh to America’s National Security Agency has suffered hacks or data breaches.
The IoT, where everything from fridges to Amazaon Alexa will make things worse.
Other data security incidents have been spectacular enough to make the news. Then in 2016 millions of people in America found themselves struggling to reach many websites, including those of Twitter, Amazon, Netflix and Reddit.
The culprit was a piece of IoT-focused malware, that exploited a list of default usernames and passwords, which most users never change.
The malware had infected hundreds of thousands of connected devices.
Each infected gadget became part of a “botnet”, a group of computers in thrall to the malware. Then the botnet then performed a “distributed denial-of-service attack.
By deluging the servers with junk messages generated by the subverted devices, the botnet prevented them from responding to legitimate requests.
Customer data; handle with care
So companies are aware of the danger of data security. A survey of managers by Bain & Company found that worries about security were the single biggest barrier for companies thinking of adopting IoT technologies.
A general rule is that good programmers working under careful supervision average about one bug per 2,000 lines of code.
And what to do? Read Serviceteam IT’s next on blog to hear some solutions to filling in the security gaps exposed by the net.