In an increasingly connected world, the threat posed by cybercriminals will extend further than ever before – the Internet of Things (IoT) is shaking things up.
It’s no longer about computers or smartphones being at risk – any object, any ‘thing’ that is powered by a computer and/or connected to the internet, is a target.
This can be seen in modern cars. Less than a generation ago, it was have been unthinkable that these modes of transport could be hacked.
The discussion – and the threat – is widening it seems, with a recent BBC News feature highlighting the fact that buildings are increasingly susceptible to cybercrime.
In the report, it is estimated that the number of connected buildings, including hospitals, research facilities and even churches – in the world number around 50,000. Worryingly, 2,000 of these are thought to have no password protection in place.
Even organizations like Google, known for being proactive in boosting the security of the web, are not immune to this threat, as an incident revealed in 2013.
Two white-hat security researchers from the US managed to hack into the building management system of an office belonging to the tech giant in Sydney, Australia.
Cyberattacks on buildings more common than you think
While this was just a test, actual cyberattacks to buildings are “happening all the time”, explained Martyn Thomas, a professor of IT at Gresham College in the UK, in the BBC’s report.
Andrew Kelly, principal security consultant at defence company Qinetiq, shares this assessment, stating that specific types of cyberattacks – especially ransomware – are “on the horizon”.
And Mr. Kelly is concerned about the state of play today. His research into smart buildings, for example, was a revelation, with building management systems found to be most at risk.
“In all cases, pretty much without fail, these systems had been procured without thought to how to make them secure. I was absolutely shocked,” he told the broadcaster.
“We saw systems installed with default passwords where it would be a trivial exercise for someone remotely to gain access.”
by Narinder Purba, ESET We Live Security