908-232-9545
Areas of Expertise

Phishing or Fishing for Information: The Dangers of the IoT

by Steve Wantola
https://www.i3info.com/wp-content/uploads/2021/11/phishing-resized-1280x854.jpg

In our ever more connected world, the Internet of Things (IoT) is another example of how easy it is to forget “Security 101.”  There are now more devices than ever in the IoT category to please our every whim — devices such as home security systems, appliances, and even our children’s toys communicate with us via an internet connection. Do I really want to talk to my refrigerator?? Hmm. While these devices don’t normally appear in an organization’s internal network, there are a host of similar “corporate” IoT devices that do.  What tends to be forgotten is that every one of these, when connected to your organization’s network, looks just like any other endpoint – one that tends to be overlooked as far as securing it goes.

Here’s an Actual Very Scary Scenario

Let’s take the example of a North American Casino (name withheld for both security reasons, as well as to spare embarrassment to their IT staff)…

A large fish (phish?) tank was installed on the main casino lobby level. Fish tanks are pretty and soothing to look at but can be a pain to maintain. Enter the IoT world!! The casino installed a device that monitored the conditions in the tank, such as water cleanliness, food supply, and temperature. Nice!

The problem was that this monitoring device was then connected to the casino’s internal network. Yep, the bad guys went “fishing,” and before it was discovered, approximately 10GB of data was ‘expatriated’ to a device later confirmed to be in Finland (which is not normally a country you might associate with this type of “phishing!”)

Lesson Learned: Everything is an Endpoint on Your Network

Everything that gets connected to your organization’s internal network is considered an endpoint to the network, and it must be secured in the exact same fashion as if that fish tank monitor had been an employee sitting at home with the company’s PC logged onto the network.

Want to be absolutely sure of your organization’s security posture? That’s what we do! Contact us by filling out the form below or giving us a call for an introductory security evaluation performed by an experienced Cybersecurity Compliance Consultant. It could be the best decision you will make today.

And that’s no fish story!

Published on November 18th, 2021

LIKE AND SHARE THIS ARTICLE:

by Steve Wantola

Steve Wantola has had a long-standing professional relationship with i3 and has the highest respect for the company’s management, its operational integrity, and dedication to its clients. Mr. Wantola holds a Certified Information Security Manager (CISM) certification from the ISACA, is a Registered Practitioner (RP) for the Cybersecurity Maturity Model Accreditation Board (CMMC-AB) and has served on the Cybersecurity Advisory Board of Rutgers University.

previous
Contingent Workforce Trends
next
Preparing for Cyber Safety and Security in 2022

Find out how i3 can support your staffing and consulting needs:

    INFORMATION INTEGRATION INCContact Us
    908-232-9545
    clientservices@i3info.com
    GET IN TOUCHConnect with Us
    Home
    i3 Staffing Services
    i3 Consulting Services
    Expertise
    Representative Clients
    Partner Program
    https://www.i3info.com/wp-content/uploads/2020/09/WBE_Certified-160x160.png
    About Us
    Case Studies
    Join Our Team
    Blog
    https://www.i3info.com/wp-content/uploads/2020/09/2d6a2a_983f684b817846d4b86ea16d848efc1f_mv2-160x160.png
    BLOGLatest Posts From The Blog
    Why Human Writers Are Increasingly Called to Fix AI’s Bungled Output
    Why Human Writers Are Increasingly Called to Fix AI’s Bungled Output
    Cybersecurity Compliance Reviews
    Cybersecurity Compliance Reviews
    Embracing a Single Cybersecurity Framework: ISO or NIST
    Embracing a Single Cybersecurity Framework: ISO or NIST
    Is Your Online Training Accessible?
    Is Your Online Training Accessible?
    The Great Return: What Learners Want You to Know
    The Great Return: What Learners Want You to Know
    INFORMATION INTEGRATION INCHeadquarters
    212-590-2333
    clientservices@i3info.com
    New York Office:

    Information Integration Inc. (i3)
    1345 Avenue of the Americas, 33rd Flr.
    New York, NY 10105

    GET IN TOUCHConnect with Us
    BLOGLatest Posts From The Blog
    Why Human Writers Are Increasingly Called to Fix AI’s Bungled Output
    Why Human Writers Are Increasingly Called to Fix AI’s Bungled Output
    Cybersecurity Compliance Reviews
    Cybersecurity Compliance Reviews
    Embracing a Single Cybersecurity Framework: ISO or NIST
    Embracing a Single Cybersecurity Framework: ISO or NIST
    Is Your Online Training Accessible?
    Is Your Online Training Accessible?
    The Great Return: What Learners Want You to Know
    The Great Return: What Learners Want You to Know
    https://www.i3info.com/wp-content/uploads/2020/09/WBE_Certified-160x160.png
    https://www.i3info.com/wp-content/uploads/2020/09/2d6a2a_983f684b817846d4b86ea16d848efc1f_mv2-160x160.png