• tstewart528

How can hackers break into your IT Ecosystem?

The Mirai Botnet, the Verdaka Breach, Western Digital’s My Book Live – just 3 examples of how Internet of Things (IoT) devices are causing even more headaches for CISOs and cybersecurity specialists.

IoT breaches are slowly becoming the norm when it comes to talking about cybersecurity. With an expected increase from 15 billion to 30 billion devices by 2025, these breaches are only going to become more common for businesses and security organisations. But why is this?

Well, there’s a variety of reasons why these breaches occur. Historically, hackers have typically been able to manipulate the likes of me and you – socially engineering us to handing over login credentials and security information. While this might sound old-fashioned, these hacks are often extremely sophisticated.

Once an attacker has a user’s ID and password, it’s a simple matter for that hacker to login and do whatever they like inside the system. Of course, nobody voluntarily hands over security information about their devices and/or accounts. However, the passwords associated with IoT devices are often ‘password’, ‘admin12345’ or something equally as insecure and essentially very easy to guess. In essence, these devices do not require a high level of security expertise to penetrate – for the most part.

A hacker simply has to identify where an open port might be in your ecosystem (using free, open-source tools), then do their required due diligence on what it takes to break into the system via the targeted device. It really isn’t difficult for sophisticated hackers to break into a system, especially if they’re doing it in the name of ransomware. If a rogue hacker has enough motivation and reason to cause a breach, there is very little that businesses can do to combat that in real time. It requires a proactive approach of making sure your systems and devices are as secure as possible from the outset, not the typical reactive approach of employing a contractor to fix an already-breached ecosystem.

Using this same logic, hackers can break into machines and systems and simply decide to install additional layers of code to launch attacks on other machines in the network. Again, a proactive approach is needed.

It’s totally infeasible to think that an entire ecosystem is secure de-facto. After all, cybersecurity is a process, not a destination. But by ensuring that the right proactive approach is implemented, business can take control of their risk profile and minimise the risks associated with IoT devices and their IT infrastructure more broadly.

3 views0 comments

Recent Posts

See All