Emerging Crisis Management Risk: the “Internet of Things”

Sections of this topic

    How hackers used a fridge to conduct a cybercrime campaign

    It’s clear that an increasing number of the things we use every day can and will be connected to the ‘net. However, the same connectivity that allows us to turn down our thermostat or click off the TV while we’re away from home also leaves room for hackers to attack.

    Their efforts are keeping them far more than a step ahead of your average business, and one of the newest tactics is taking advantage of the “Internet of Things” – our connected DVRs, televisions, routers, and, in a recent incident uncovered by security experts at Proofpoint, Inc., even a refrigerator, to power nefarious online activity:

    The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 emails were initiated from any single IP address, making the attack difficult to block based on location — and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use.

    Cyber crime is a profitable business, a fact which motivates hackers to constantly explore new avenues of attack, but, as with many other aspects of crisis management, many organizations fail to see the costs associated with not preparing before they’re paying dearly to recover.

    At this point it’s safe to assume you will be hacked at some point. Whether it’s through your fridge, a phishing email, or just someone with a silver tongue and some knowledge of social engineering, the difference between a troublesome situation and one that costs you big time in terms of lost trust, reputation, business and time will be how much you cared beforehand.

    For more resources, see the Free Management Library topic: Crisis Management

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]