How secure are your companies' online networks?
While most of you, no doubt, have knowledgeable information technology professionals on your respective payrolls, some of you may be putting too much confidence in too many people, companywide.
Consider a recent report by DigitalTrends.com (see: www.digitaltrends.com).
The report warns: "Countless devices, ranging from webcams to electrical power plants, are insecurely connected to the Internet, making them vulnerable to hacker intrusions and other cyberattacks. Hundreds of millions of these devices can easily be found through Shodan, which indexes the 'Internet of Things' in the same way Google indexes websites. It is through Shodan that the FTC – or anyone else – will likely discover the next Trendnet."
For background, the U.S. Federal Trade Commission (FTC) has issued a complaint against Trendnet.
Trendnet is an Internet-connected device maker. According to DigitalTrends.com, the complaint was issued because "Due to a security flaw in one of its webcams – a device marketed for home security and baby monitoring – hackers could spy on people in their own homes."
("That's a comforting thought," I said to myself, as I glanced from my online computer's keyboard to its online internal camera, wondering if I should smile at the now web-connected camera or simply flip the international digit of irreverence from my non-typing left hand. I opted for the latter, by the way.)
In his column this week, Jim Thompson points out that "Shodan finds cameras, power plants, or anything that is connected to the Internet. Where Google looks for words and content, Shodan looks for connected devices. It is the 'go to' site for hackers. It has been written about by CNN, Forbes and other publications."
"The biggest failure of security is that IT managers have failed to use even simple password encryption to protect complex operating processes. 'Admin' and '12345' are still the most popular passwords on the Internet."
Mr. Thompson is not exaggerating.
At one time, I worked for a very large national media company. Many years ago, its IT "professionals" had in place a user name and password login that were "admin," followed by "admin."
Computer passwords should be complex and periodically changed. Some companies automatically change key passwords when they experience any change in personnel. It's a good practice.
Most of the best practices for online security are common sense and due diligence. For those less familiar with what goes on within their IT departments, there are myriad resources available online.
In the fictional world, Shodan is an acronym for Sentient Hyper-Optimized Data Access Network. In reality, Shodan was established by John Matherly four years ago.
A Forbes report by Kashmir Hill says it was “originally conceived as a way for companies to find competitors’ products connected to the Internet. Instead, it’s become a crucial tool for security researchers, academics, law enforcement and hackers looking for devices that shouldn’t be on the Internet or devices that are vulnerable to being hacked.”
Let's give this week's Final Word to John Matherly: “I don’t consider my search engine scary. (What is scary) is that there are power plants connected to the Internet.”
Let's be careful out there in cyberland.
Rory Ryan is Senior Editor, North American Desk at Paperitalo Publications. He can be reached by email at firstname.lastname@example.org.