Imagine an Internet of malicious things

The Internet of Things is (IoT) is the concept of many different devices which connect together to bring about a richer online experience.  These items include routers, automation systems, Internet telephony, security cameras, file sharing network drives and other network appliance devices.

With new functionality comes new risks

Despite the added convenience and productivity, the Internet of Things also poses a clear and present danger toward information and network security.  Malicious hackers are already weaponizing broadband routers to attack other networks, redirect network traffic (such as the websites you think you are visiting to malicious copycats), creating back doors in to your network to access internal resources and more.

Broadband routers are only where the security concerns begin.  Every Internet connected device has similar vulnerabilities, some even with backdoors from the manufacturer, which can be exploited to gain otherwise unauthorized access.

Imagine your company’s network attached storage system being compromised by malicious hackers and sensitive internal data siphoned off to the highest bidder — or held for ransom.  It’s not a far fetched scenario.

Often ignored, network appliances may be a silent threat

While most computer users will install software updates for routine items like Windows, Adobe, Java and their web browser, many are not familiar with the same concept for network appliances.  Almost every single one needs to be updated regularly.  The updates come in a software package which is called firmware.  It is in essence an embedded operating system that is customized to run a network appliance.

Firmware patches are issued for three main reasons (in order of prevalence):

1: Security

2: Other bug fixes

3: New features

These patches are not automated, and often require a computer user to go through several sometimes complicated steps.  And at the end of the update process there is some possibility that it will damage the network appliance if it did not install properly.  This is where the popular term “bricked” comes from, in that your device is now about as useful as one.

In addition to out of date firmware, many users may not change the default password or security settings on their network appliances, creating the possibility for anyone with access to compromise them and take them over.

What can one do to stay safe?

If your business does not have someone on staff or on contract to handle these issues it is best to hire a qualified professional.  Data breaches, malicious attacks on a network and other less than desirable activity are much more costly to deal with after the fact than the investment in preventative measures and maintenance.

Posted in cybersecurity, small business.