In fact, there are there are currently eight billion IoT devices on this planet, says security consultant Jim Stickley, with that number expected to rise 20 billion by 2020. By comparison, he says there are roughly one billion personal computers (PC) and eight billion mobile devices active today.
“This market is just getting saturated with devices and clearly it’s not going to stop anytime soon,” Stickley said during his keynote presentation at the co-located CUNA Technology Council and CUNA Operations & Member Experience Council Conferences in San Francisco. “From a hacking standpoint, I can turn PCs, where there’s 1 billion, or mobile devices, with 8 billion. I like my odds a lot better with 20 billion.”
What’s more, many IoT devices are developed with web servers built into them, Stickley says, making them more vulnerable to attack.
Stickley demonstrated to conference attendees how he accessed a bank’s network (as the bank’s client) through a security camera using social engineering and redirect malware.
Stickley says the IoT is dangerous for companies because it exposes so many devices to the network. “As a hacker, I just want to get on the network,” he says. “If I just get on the network, everything will unfold for itself.”
He then showed the audience how he could lure a someone browsing the Internet to a malicious website and capture a network IP address.
“This just opens my eyes to just how big of a risk the Internet of Things can be,” he says.
Stickley says the biggest threat from the IoT isn’t necessarily companies such as Amazon and Google, which sell devices that connect to the Internet, but the endless stream of small companies that sell devices.
“Those devices are only as secure as the companies behind them,” Stickley says. “There are no regulations behind this stuff. It’s just chaos.”
Ultimately, education and awareness are the best defense against these threats, he says because as with most security issues it takes just a single human error to bypass any security system.
He offers three pieces of advice to avoid potential threats:
Keep up with firmware updates.
Never trust phone numbers that pop up on screen. Use only phone number provided by vendors.
Be cautious of website that don’t stop loading.
“You’re going to have these devices on your network, so you’re better off planning for it now, and figuring out ways to segment them,” Stickley says.
Credit Union Magazine’s Fall 2022 issue highlights credit unions’ role in cryptocurrency, the state of digital assets, cannabis banking compliance, the human side of technology implementation, and involving the board in financial discussions.
