The head of PWC’s Threat intelligence Practice, has warned that the rise of the Internet of Things (IoT) posed the biggest future threat to cyber security.
Speaking to the Insurance Institute of London at the Lloyd’s Old Library Louise Taggart warned the IoT was already being utilised by criminals to access more secure areas of business systems.
She said the expectation was the coming years will see the number of items which are attached to the IoT will double to 20 billion and many were things that most individuals and businesses would not perceive as a threat.
“We are seeing T-shirts which are now embedded with technology that allows you to display your Instagram and social media on it,” she explained. “We have systems in fridges which will tell you specifically how fresh your eggs are and when you need to restock them.”
However, she warned firms are already falling foul of the inability to see devices that are attached to the IoT as a threat to their whole system.
“We have seen a case in the USA where a casino had a giant fish tank in the lobby,” she explained. “The fish tank had a sensor, attached to the internet, which would regulate the temperature of the water. Criminals hacked the sensor and used it to access the casino’s secure systems and downloaded significant levels of data which included a list and details on their high value clients.”
Ms Taggart added: “The worry with so many of these devices is that they are not built with security first and foremost in the designer’s mind. They are simply designed and built to be quickly brought to market and that leaves them vulnerable.”
When asked about the future threats, aside for the rise of IoT enabled devices, she said one was the growth in Deepfake content. Deepfake is when false videos and other content is created to a level where it is near impossible to tell the fact that it is not genuine.
Ms Taggart warned that the Deepfake threat has continued to grow and there was increased concern around the ability foreign states to use social media to manipulate public opinion and elections in both their own and other nations.
She also warned that the rise in ransomware attacks should not be met with an increase in the speed or willingness to pay when data is compromised.
“I would say that you should not pay any ransom in such incidents unless there are lives at stake,” she warned. “There is no guarantee that you will get the data back.”
Indeed, she said there has been a rise in new software which no longer denies access to the data but completely wipes it, so any payment cannot lead to the recovery.
“You have to seriously ask yourself what could your business simply not survive without,” she explained. “When you have identified it you need to put in place systems to protect it.
“Cyber crime is no longer a standalone IT issue it cuts across everything we do.”