Challenges that Emerge as a Result of Automation
While the optimists in us recognize the benefits of automation through the elimination of dull and repetitive tasks, it is by no means perfect. The more risk-averse among us are biting their lip and considering all the things that could go wrong.
A Larger Attack Surface
From a security perspective, automation applied indiscriminately creates the potential for disaster. A report compiled by software company Forescout Technologies estimated that hackers can gain access to IoT devices such as IP-connected climate control infrastructure, security systems, wireless printers and even smart light bulbs in as little as three minutes. Once they gain that access, hackers can potentially plant backdoors into a company’s network, take control of security systems and manipulate temperatures in climate controls. That could result in the theft of company information, the holding hostage of critical systems or damage to sensitive equipment.
Consider recent events at the Water Division in a small town in Florida, US. In January 2021 a hacker remotely accessed the facility’s internal systems and attempted to raise the levels of lye in the water supply to amounts that would have been fatal. Fortunately, a Water Division employee caught the intrusion and was able to reverse the changes before they could inflict harm.
The fact that some issues have not yet occurred does not mean they will not happen in the future. In 2017, medical device maker St. Jude Medical released a software patch for its Merlin@home transmitter to reduce the risk that the company’s RF-enabled pacemakers and defibrillators could be hacked into. And in 2015, a team of researchers was able to take control of a Jeep SUV through its Wi-Fi connection by taking advantage of a firmware vulnerability.
Physical Network Security
Along with accessing devices via network connections, bad actors can take advantage of lax security by directly accessing exposed USB and Ethernet ports, surreptitiously uploading malware via a flash drive. Every new device is a new potential entry point for attackers.
Think it cannot happen? Think again. In 2016, an unnamed North American casino lost 10 GB of data to hackers who gained access to internal computer systems by accessing sensors that regulated the temperature of a fish tank. That data was sent to an unidentified device in Finland.
“IoT is here to stay, but the proliferation and ubiquity of these devices in the enterprise is creating a much larger attack surface — one which offers easily accessible entry points for hackers,” said Michael DeCesare, President and CEO, Forescout Technologies. “The solution starts with real-time, continuous visibility and control of devices the instant they connect — you cannot secure what you cannot see.”