Warren Buffett once said, “Risk comes from not knowing what you’re doing.” That’s especially true in the realm of cybersecurity, where we’re our own worst enemies. We think cyberattacks happen to other organizations — larger organizations — when, in fact, companies with 250 or fewer employees accounted for 31 percent of cyberattacks last year.
One of the greatest rewards in my line of work is helping others — protecting them against the known threats and preparing them for the unknowns. So when crainsdetroit.com invited me to write a blog series on cybersecurity, I jumped at the opportunity. Here’s a brief overview of the topics to date.
Buckle up: It could be a bumpy ride
In 2013, two researchers demonstrated that they could control a car’s engine and force the vehicle to accelerate, turn, brake, honk the horn, control headlights, and modify speedometer and gas gauge readings. Scary, right? Moreover, thanks to the telematics systems found in most cars, hackers can connect to your car from miles away. Thankfully, major vehicle manufacturers, including Detroit’s Chrysler, Ford, and GM, have been working together to develop a plan to protect the industry. This includes precautions like only allowing tested and approved apps to be connected to vehicle systems, running diagnostic security tests as part of routine checkup services, and securing cars with encryption and digital signature technology. It’s great to see the industry working to get ahead of hackers. Let’s hope it stays that way.
Cyberattacks at 35,000 feet
Chris Roberts, a pro hacker and cybersecurity guru, raised eyebrows when he claimed that he was able to control an aircraft’s engine during flight, tamper with the temperature on NASA’s space station, and hack into various airline control panels. While his assertions remain unproven, his story has led specialists to take a deeper look at cybersecurity, not just on the ground but also in the air.
Roberts said he was able to hack into aviation systems using default user IDs and passwords. The FBI and TSA have since encouraged airlines to investigate network tampering or signs of intrusion and refrain from using default passwords.
This is a jarring reminder of the potential threats and necessary precautionary measures. Cybersecurity experts are a great asset in identifying vulnerabilities before the bad guys, but they can’t put people’s lives, or our critical infrastructure, in danger to do so.
And then there are the medical devices
Even personal medical devices, including heart monitors and insulin pumps, are vulnerable to attacks. Once a device is hacked, it can give a false reading or deliver too much or too little medication, which could kill patients.
As an increasing number of medical devices are connected to the Internet through wireless or Bluetooth, the U.S. Food and Drug Administration has issued cybersecurity management guidelines to medical device manufacturers. They include measures such as restricting device access to authenticated users, timed session termination, strong passwords, and features that protect critical functionality even when the device’s security has been compromised.
As the healthcare technology landscape continues to become more digitally connected, it also becomes more open to attack. It’s important that we understand the vulnerabilities so that we can make informed decisions regarding medical devices and their use.
This may all seem like doom and gloom, but there’s good news: when it comes to cars, airplanes, and medical devices, we’ve managed to mitigate any serious issues. Unfortunately, there’s no one-size-fits-all solution when it comes to developing cybersecurity infrastructure. Understanding the unique risks we face, in addition to arming ourselves with the necessary tools, is essential to fend off the hackers. And remember, cybersecurity is not just an IT issue — it’s a business issue that should be considered in the organization’s overall strategy and long-term investment plan.