- The CEO of the cybersecurity firm Darktrace says hackers are increasingly targeting unprotected “internet of things” devices, such as air-conditioning systems and CCTV, to get into corporate networks.
- She told the WSJ CEO Council Conference that in one incident, a casino was hacked through the thermometer in its lobby aquarium.
- A former director of the UK’s Government Communications Headquarters also called for laws outlining minimum security standards for internet-of-things devices.
LONDON — Hackers are increasingly targeting “internet of things” devices to access corporate systems, using things like CCTV cameras or air-conditioning units, according to the CEO of a cybersecurity firm.
The internet of things refers to devices hooked up to the internet, and it has expanded to include everything from household appliances to widgets in power plants.
Nicole Eagan, the CEO of Darktrace, told the WSJ CEO Council Conference in London on Thursday: “There’s a lot of internet-of-things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.”
Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby.
“The attackers used that to get a foothold in the network,” she said. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
Robert Hannigan, who ran the British government’s digital-spying agency, Government Communications Headquarters, from 2014 to 2017, appeared alongside Eagan on the panel and agreed that hackers’ targeting of internet-of-things devices was a growing problem for companies.
“With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” Hannigan said. “I saw a bank that had been hacked through its CCTV cameras, because these devices are bought purely on cost.”
He called for regulation to mandate safety standards.
“It’s probably one area where there’ll likely need to be regulation for minimum security standards, because the market isn’t going to correct itself,” he said. “The problem is these devices still work — the fish tank or the CCTV camera still work.”