Target CIO Beth Jacob lost her job last week, due in large part to a security breach precipitated by a third-party vendor. According to news reports of the data breach incident, a Pennsylvania based HVAC contractor, was accessing systems remotely to manage heating and cooing systems in Target stores. Using this backdoor entry point, the hacker was able to penetrate the Target network and steal millions of credit card records. By discovering this security “soft spot”, a massive threat was created.
In a recent WSJ.com article responding to the resignation of Jacob, Tom Loftus indicates there are “5 things” businesses need to do in response to this attack, including, “Beware of the Internet of Things”** In his article, Loftus also points out that network vulnerabilities are often found in areas least suspected and (as in the case of a US Navy cyber attack): “Customers should also engage their cybersecurity vendors in frank discussions about back doors and other areas where they might comply or be complicit with government espionage activities.”**
The landscape of the Internet of Tomorrow can be view much like a giant neighborhood, with billion dollar houses situated next to decrepit properties. Wealthy and (seemingly) secure Corporations are on the same “block” as desperate criminals.
There’s little evidence to substantiate the claim that business can avoid the Internet of Tomorrow. Corporations and Government clients will continue to make buying decisions based on a combination of product, price, and, service – while keeping a keen eye on price. If connected devices offer the best combination of buying criteria, (their) dissemination will continue to evolve. Just because the IoT appears to be frightening doesn’t mean that businesses should throw their heads in the sand and avoid inevitable technology shift. It is however vitally important that the solutions businesses procure, provide the security necessary for the changing IT landscape.
There’s nothing fundamentally wrong with connected devices, however if proper security measures are not adopted in conjunction with their deployments, the results can be catastrophic- one look at Target proves the point.
** For the full WSJ.com article, please see: http://blogs.wsj.com/five-things/2014/03/07/5-things-about-cybersecurity-we-learned-this-week/
About CDI: CDI builds secure Out-of-Band Management equipment used by Government and F500 companies worldwide. CDI’s M2M solutions provide PCI-compliant two-factor authentication, on-board the appliance, and also offer a FIPS 140-2 validated series of units providing full AES-256 encryption.