The Rise of the Drinks Machines: IoT vanity projects leave you vulnerable to botnet attacks

 
Ben Boswell

Earlier this year an American university noticed its internet was faltering, and essentially unusable.

Further inspection revealed that its IT system had been taken over by an army of connected drinks machines, hijacking and throttling the connection, sent on a rampage to overwhelm the network with hundreds of requests for seafood.

Thankfully, for both the students and the crabs, a heroic IT professional was able to defuse the situation before the likes of Jack Bauer had to be called in. However, the case is another reminder of the havoc poorly planned Internet of Things (IoT) initiatives can cause within organisations.

Before you leap

There has been a boom in IoT that will not wane. A predicted 21bn connected devices will be online by the year 2020 – a threefold increase on 2016. But just because a device can be connected does not mean that it should be.

Often, companies run before they can walk, implementing IoT projects with no real business objective, which leaves them open to greater cyber risk. Not fully understanding the business outcome or the critical underlying IoT infrastructure can lead to a fragmented solution that may not be secure, sustainable or scalable.

To connect, or not to connect?

Each IoT device is a potential entry point into the network, which means that IoT can’t be just a vanity project. Businesses need to be clear about the value of the data they are collecting. It’s not just about sticking a microchip in a fridge; but a coffee shop chain can define clear value in connecting their fridges to an analytics programme which maintains optimum temperature and keeps a panini at its best. Armed with a clear goal and an analytics function to match, any business can sidestep vanity and achieve standout results.

It’s all in the network

IoT projects must be integrated from the ground up. The attack of the rogue vending machines was possible because they were integrated within the university’s main IT infrastructure. Engineers should have asked whether it was necessary to connect vending machine stock levels with student records and financial data. Connecting devices into an existing network structure is usually a disaster waiting to happen. Segmenting a network, and introducing air-gaps between essential and non-essential devices, helps to form a physical barrier against cyber breach.
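
One way to check that segmentation like this actually holds is to audit observed network flows against a default-deny policy between segments. The sketch below is an added example, not part of the original article; the segment names, address ranges, allow rule and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segment plan (assumption): addresses are illustrative only.
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),        # vending machines, sensors
    "records": ipaddress.ip_network("10.10.0.0/24"),    # student records
    "finance": ipaddress.ip_network("10.11.0.0/24"),    # financial data
    "telemetry": ipaddress.ip_network("10.30.0.0/28"),  # stock-level collector
}

# Default deny: the only flows permitted to cross a segment boundary.
ALLOWED = {("iot", "telemetry", 443)}

def segment_of(addr):
    """Map an IP address to its segment name, or 'external' if unknown."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Return flows that cross a segment boundary without an allow rule."""
    violations = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d:
            continue  # traffic inside one segment is out of scope here
        if (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, f"{s}->{d}"))
    return violations

# Constructed flow records: (source IP, destination IP, destination port)
SAMPLE_FLOWS = [
    ("10.20.0.17", "10.30.0.5", 443),    # vending machine reporting stock levels
    ("10.20.0.17", "10.10.0.8", 1433),   # vending machine reaching student records
    ("10.20.0.42", "10.11.0.3", 445),    # sensor reaching a finance file share
    ("10.20.0.42", "198.51.100.9", 53),  # IoT device talking straight to the internet
    ("10.10.0.8", "10.10.0.9", 5432),    # intra-segment traffic, ignored
]

if __name__ == "__main__":
    for violation in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION", *violation)
```

Run against real flow logs, any violation listed is a path from a non-essential device into a segment it has no business reason to reach.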

Work smarter, not harder

IoT security goes further than a firewall. Attention must turn towards tools which predict areas of weakness, pinpoint risks and identify threats to the entire technology ecosystem. Education is also vital and organisations should consider courses and workshops which keep staff knowledge updated in line with industry developments, to foster greater security awareness.

Involve the team

High profile hacks continue to hit the headlines, and will hopefully convince senior executives that their IT infrastructure is a key business area. Data professionals will know that the EU’s General Data Protection Regulation is due to come into effect early next year. This means that companies will have to report any security breaches within 72 hours, and firms with leaky IoT infrastructure will be the first to fall foul of these new rules. A successful IoT project is one which is planned holistically, involving the business beyond the IT team.

Don’t panic!

Before you drop this paper and start tearing out network cables, remember that the benefits of smart IoT adoption far outweigh the risks. Figure out how IoT can dramatically reduce costs, create dazzling customer experience, or even deliver predictive analysis to fix a technology before it breaks.

However, the warning remains: before your firm rolls out WiFi-enabled fridges, lightbulbs or underwear, make sure that your security posture is rock solid. (And keep an eye on the Coke machine!)

Ben Boswell is UK & Ireland director of World Wide Technology.
