4 Questions Your IT Consultant Should Answer Re: the Internet of Things

The oil pipeline fiasco on the East Coast is a clear example of a cyberattack where the hackers exploited a vulnerability and won – $4.4 million. With the help of a qualified IT consultant or a more prepared information security team, this disaster could have been avoided.

So far, there has been no evidence released that shows the cybercriminals penetrated the control systems of the network. So how were they able to impact the pipeline on such a large scale? They exploited a vulnerability the pipeline wasn’t aware of. These weak points are becoming increasingly common because of the Internet of Things. This article will help you better understanding the impact of these technologies for your organization.

#1: What Is the Internet of Things?

Traditionally, when you think about IT, you think about a computer. Then you might think of mobile devices, tablets, iPads and smartphones.

The Internet of Things is not centered around these devices: it’s about noncomputer devices. For example:

  • a newer TV
  • a Nest thermostat
  • a baby cam or a baby microphone

… are all devices that are not Windows, Mac or Android devices – but they do reside on your network.

Each of these consumer IoT devices runs on a type of operating system that provides instructions so that they can do what they need to do.

A Single Purpose

IoT devices are simple, single-purpose devices. For example, Nest’s purpose is to heat and cool your home. You can’t play games on your Nest thermostat. IoT devices fulfill their one function, and they fulfill it well, unless they’re not secured.

#2: What Are the Benefits of IoT for SMBs?

Consumers aren’t the only ones who rely on IoT devices. Small- and medium-sized businesses also utilize them frequently – but their devices are doing more than just controlling the temperature. IoT devices that SMBs rely on are used to control industrial systems. A Nest thermostat on its own just isn’t going to cut it for a commercial building.

These industrial systems run on either Supervisory Control and Data Acquisition (SCADA) networks or Industrial Control Systems (ICS) networks. Some are single-purpose and perform operations like open a pump/close a pump. They control chillers, water flow, smoke detection systems and more. The benefit is clear: IoT makes it easier to operate these infrastructure systems.

However, these devices are connected to the internet. If the device isn’t protected, it’s vulnerable. Protection starts with the installation of the new equipment, but it doesn’t stop there.

#3: What’s Next for IoT?

As consumers, we buy a new computer every 3–5 years. We make the upgrade from Windows 7 to Windows 10. But these IoT devices on SCADA or ICS networks aren’t updated nearly as frequently.

If you open a new business tomorrow and you want to be secure, you’ll hire an expert like itSynergy to come in and set up your information security. But if you hire an HVAC technician to install a new system that operates using IoT, you need to find out if that tech has the expertise to install the cybersecurity defenses the new HVAC system needs.

The Problem

Typically, HVAC vendors don’t have the IT expertise to set up the security an HVAC system connected to the Internet needs. A managed services provider can set up the system, segment it from the network, protect it using current defenses and ensure proper access control.

Our team at itSynergy is constantly updating our customers’ systems. We install software patches from Microsoft, Apple and over 100 other vendors to ensure your systems are equipped with the most up-to-date protections.

With IoT devices, vendors don’t roll out those protections. They aren’t securing the device when it’s installed, and they aren’t maintaining it to make sure the security is updated. An IT consultant will make sure those protections are in place.

Another major concern is that vendors aren’t releasing updates. A security flaw is found, but the vendor doesn’t fix it.

#4: Why Do You Need an IT Consultant for Your IoT Devices?

To limit the chances of a successful cyberattack, you need an IT consultant to set up and maintain cybersecurity defenses on any equipment that’s connected to the Internet.

When an attack happens (and the chances are high that it will), the system needs to be built and properly isolated in a way  that the attack can’t spread.

This is a real problem that’s going unaddressed. Organizations running these systems must have their vendors work closely with an IT management team or their internal IT team. The team needs to make sure that the security is installed correctly and that any threats are quickly detected.

It’s not uncommon for an HVAC vendor to install an IoT device so that the business owner can control the temperature from their phone. But the HVAC vendor doesn’t install the firewall. A flaw could have been found two years ago, but if the vendor never released a patch or the HVAC company never updated the software, there’s an easy opening for a cyberattack.

itSynergy Provides the Information Security for Your Network

In early 2021, a cyberattack against a water treatment plant in Florida was almost successful. The actor attempted to raise levels of a chemical to the point where it could have poisoned the public. The hacker had accessed the plant’s SCADA system, because there weren’t enough cybersecurity defenses in place and updated.

You can’t just install some anti-virus programs and hope nobody gets past them. To prevent successful cyberattacks at any scale, it’s crucial to continually monitor and update the cybersecurity defenses on IoT devices.

An IT consultant can help you build your technology strategy. By partnering with a managed services provider like itSynergy, you can reduce the chance that an attack like this will be successful against you. Our founder, Michael Cocanower, will use his expertise as a Certified Ethical Hacker to help guard your business against cybercriminals. Contact us today to learn more about how we can work together.

Leave a comment

Your email address will not be published. Required fields are marked *