Yes, it can. Let’s prevent it.
The weekend’s local TV news headline read, “‘Felt so violated:’ Milwaukee couple warns hackers are outsmarting smart homes.” I’m sure it wasn’t pleasant. Someone was talking to them through their own security camera and cranking their thermostat up to 90 degrees. That’s beyond creepy.
If you have any smart home devices, even if you don’t have a complete smart home system, make sure they’re secured.
However, can hackers play games like these or do real damage with your business’s automation? Yes, and sometimes it’s even easier than with smart homes.
The Good
Automation in its various forms has brought undeniable benefits to countless corners of commerce. Automated climate control systems decrease energy costs for the logistics firm’s warehouse and the office building alike. Surveillance and access control systems provide obvious premise security benefits along with substantial personnel cost and loss prevention savings to almost any type of business. Industrial automation improves manufacturing quality and decreases labor costs.
The Bad
Automation promises increased productivity, safety, and profitability, but those promises are broken when poorly implemented security allows costly breaches that in turn result in damage to premises, equipment, products, and reputations. In so many other areas of IT security, what happens in cyberspace stays in cyberspace. Your risks are huge, but they’re typically limited to either no longer having your crucial business information or knowing that someone else does. By contrast, in many areas of automation, the risks cross over into the physical world.
The Not So Ugly
How can these industrial systems be even easier to compromise than smart home devices? The vendors behind these solutions sometimes assume that implementation will involve qualified IT professionals who know how to protect the network from the new risks and adapt security to the new vulnerabilities. Things don’t have to be secured out of the box, they figure, because your people will take care of all that. When this doesn’t happen, the shiny new solutions become big bad problems, the new equipment and components on the network are just sitting ducks, and the results can be disastrous.
It’s easy to see how implementing this valuable tool can be appealing, and in a rush to realize these significant benefits, security can be an afterthought or, worse yet, completely ignored. However, you can have the benefits of automation without the vulnerability as long as the risks are properly mitigated by professionals who understand how breaches occur and can take a fresh look at your IT infrastructure to make sure attack vectors are closed, proactive security is in place, and remediation procedures are developed and tested. Make sure you have the right people and budget in place to take these steps.
[Grant Hoover provides appropriately paranoid security solutions to small and mid-market businesses through his role as Senior Consultant at Symphony Systems.]
