Internet of Things: The cybersecurity threat of aging legacy systems

When it comes to the Internet of Things (IoT) the list of ‘things’ is endless. Everything from cellphones, to headphones, home security devices to refrigerators are now accessible and connected to the internet. This is great news for advancement in technology, but it also opens new and exciting opportunities for cybercriminals, especially if the ‘thing’ we’re talking about is an airplane, x-ray machine, oil rig or Amtrak train. IoT enables manufacturing, transportation, and healthcare industries to evolve and expand, but it also creates ‘show-stopping’ vulnerabilities and new cybersecurity threats facing some major industries.

The analyst firm Gartner says that by next year there will be over 26 billion connected devices connected to the internet, including 250,000 vehicles. Unfortunately, many companies are looking at their IT budget and applying the old adage “if it isn’t broke, don’t fix it”, creating gaps in security and leaving themselves vulnerable to cybercrime.

Medical devices are one of the greatest threats in the evolving Internet of Things (IoT). Legacy hardware and software are posing an even greater threat to health IT than in the previous years. Often budgeting is an issue when it comes to outdated equipment. Legacy X-ray, MRI or EKG machines that are connected to Wi-Fi may still operate efficiently, but if it’s outdated and not running regular patches or updates, it’s vulnerable to a cyber attack.

Often, the budget to replace a legacy machine is the barrier between an IT department and the Finance department and systems are only replaced after a breach occurs. At an increasingly high rate, cybercriminals are taking advantage of legacy hardware, outdated security strategies and most frighteningly, implanted medical devices. Protecting patients against data breaches and even something as serious as a fatal dose from an insulin pump, or a devastating breach of a pacemaker. To secure healthcare systems and medical devices, the most important factor is visibility. Maintaining, monitoring and controlling everything that’s connected to your network is critical to contain, manage or completely stop a cyber attack.

The Industrial Internet of Things (IIoT) is replacing people on the manufacturing floor with artificial intelligence, improving efficiency and mass production. But, if a machine goes down the business may go down with it. Cybercriminals leverage manufacturing devices to gain ransom, affect the quality of the product, or even halt production altogether. Because most manufacturing systems are connected to other vendor networks, this makes the manufacturing industry one of the most vulnerable when it comes to stolen data, blueprints or design secrets.

When securing manufacturing environments, the problem is that most machines were not designed with security in mind and are unable to be patched directly, either by design or because the machines are outdated. A simple phishing email could take down a manufacturing company in a matter of seconds. To ensure machines on the floor are secure, companies must start wherever their data is stored; implementing security best practices, endpoint protection, and monitoring, and stopping the breach before it ever hits the warehouse floor.

Thanks to the Internet of Things (IoT) transportation applications, the margin for human error has been significantly impacted, creating a safer more convenient way to operate trains, planes, and even cars. Using geolocation and data analytics the efficiency of delivering both good and passengers safely has advanced tremendously over the past decade. Now, using predictive weather modeling, mass transit schedules can be calibrated to anticipate delays and prevent disruption.

But in the event that a breach occurs or if a device fails to function properly catastrophic consequences may ensue. Not only could bodily injury or property damage occur, but imagine a cybercriminal at the helm of a self-driving train. Without a strategic multi-level approach to cybersecurity, catastrophic consequences for the transportation and logistics industry.

Over the next 3 issues, we’ll be tackling the Internet of Things (IoT). Join us in this three-part series, as we dig deeper into the cybersecurity issues surrounding the healthcare, manufacturing and transportation industries and the interconnected devices that make up their networks. We’ll break down each industry and share tips and best practices to secure your devices and your business.