It’s hard not to see IoT security failures in the news because they can be dramatic, and this week was no different.  The Register reported that in Moscow a skyscraper-high plume of sewage had erupted, with speculation that Ukrainian hackers were behind it (the official explanation was that it was a gas release because of repairs).  In a conflict that has had both sides mounting significant cyber attacks and using compromised IoT and OT systems to gain an advantage it would be a fair bet that this too was an IoT security failure. 

Moscow isn’t the only place that might be facing some frankly sh*tty implications of IoT security.  All organizations that operate cyber-physical systems, ones that operate both in the cyber world and in the physical world, are a distinct part of overall cybersecurity concerns because of their ability (unlike data theft) to cause significant and visible impacts – stopping mass transit, making an energy grid collapse, contaminating water supplies, or opening all doors to a business (or locking everyone out).  Think of the worst case for your own business; at a minimum it might be disruptive, at worst it could cause harm or death to people (or the company).  The consequences of IoT security failures can be very “real world” and not limited to data. 

Moscow not the first to see this kind of exploit either; Maroochy Shire (Queensland, Australia) in 2001 suffered a cyber incident that caused 265,000 gallons of sewage to gush forth, including the grounds of the Hyatt Regency Hotel.  In 2020, suspected Iranian hackers targeted multiple water and sewage facilities across Israel in what officials described as a coordinated cyberattack. Also in 2020, ransomware affected systems of the Bay Area Rapid Transit (BART), leading to a brief, inadvertent release of sewage at certain BART stations.  In 2021 malicious hackers gained remote access to the Oldsmar water treatment plant and attempted to increase the levels of sodium hydroxide (lye) in the water supply to dangerous levels.  

As an organization you have a choice: be ready to absorb the risk and impact of (either metaphorically or literally) having sh*t rained down on your customers and employees, or invest in earnest in preventing IoT security failures.  Those risks include business continuity, employee and customer safety, reputational damage, and financial ruin – the impact of IoT security failures can be massive. Already have an IoT security strategy in place but not happy with the results?  You’re in good company, as our recent survey found that while almost every company has an IoT security plan, more that 65% are not being successful with it (and 50% believe IoT security is the weakest part of their overall security).  Download a copy of our survey here; it can give you a sense of where your tech stack, governance, or other aspects of security can be improved. 

Just starting your IoT security journey? Solutions like Viakoo that were purpose-built to take you on the full journey from asset discovery through threat assessment and vulnerability remediation are ready to help you today.  Before disaster strikes (or your toilets won’t flush) take your IoT security to the next level (of safety and risk-reduction); all of your stakeholders will thank you for it. 

Share this