Last week's Black Hack security conference brought exposure to countless security flaws in nascent Internet-of-Things technology. CBS News reports that security consultants have found ways to hack…
- And pretty much any other Internet-enabled device.
You read that right: hackers can steal your car.
Automakers are increasingly incorporating Wi-Fi, cellular, Bluetooth, NFC, and other network connections in vehicles. Unfortunately, many cars don't have a proper network structure to limit the damage of a cyber attack.
But this latest news is about more than just car theft. It highlights the growing security weaknesses we're likely to see in “smart” consumer products. Let's look specifically at how cars can be hacked and see what it illustrates about IT consultant liability.
Grand Theft Cyber: How Hackers Can Take Control of Cars
Some cars are more secure than others. Wired reports that researchers Charlie Miller and Chris Valasek analyzed 24 vehicles' networks to find potential security flaws. They then ranked the cars based on their vulnerability.
Last year, Miller and Valasek made waves by showing they could take over a Prius's braking system, but this year, they decided to perform a higher-level analysis. Their findings aren’t very shocking: many automakers don't know a thing about network security.
Vehicles can be hacked because the network that controls the audio, cellular, or tablet interface is often connected to the electronics that oversee the braking, parking, and acceleration mechanisms. Translation: uh-oh. By structuring their networks this way, car manufacturers essentially open the a door for hackers to access the parts of the car that should be most secure – like your brakes.
4 Takeaways from the Black Hat Conference
As an IT consultant, you're probably not worried about your clients' cars being stolen. But the bevvy of reports about smart-device vulnerabilities suggests that the future of data security could hinge on how well your clients’ non-computer devices are secured.
Black Hat security conference offers a few takeaways for your evolving IT liabilities:
- Cyber security is becoming more tangible. We've reported on other cyber attacks that could cause physical damage to your client's property (for more, read, "Good News for Your Clients: Cyber Coverage is Expanding"). As Internet-of-Things liability increases, theft and property damage are an increasing liability.
- The Internet of Things means more devices with amateur security. Car manufactures didn't know the first thing about network architecture, and it exposed their product to hacks. The same thing can happen as more and more non-computer devices (thermostats, refrigerators, doors, etc.) are connected to networks. The next Java-based attack could come through your client's coffeemaker. After all, hackers love a good pun.
- IT consultants always have more to worry about. Nothing ever gets easier for IT consultants. Dan Geer, the keynote speaker at Black Hat, said that cyber security is all about muscle. There is never going to be a permanent solution to security. It's always going to be about outmuscling hackers, botnets, and cyber criminals.
- Successful IT security depends on staying current. In addition to using the latest security software and updating client solutions, you must stay aware of the latest threats. In the last year, we've seen an explosion in the number of small business phishing attacks. Being aware of trends like this – and advising your clients accordingly – is part of your responsibility.
So what do IT consultants do in a world of constantly evolving cyber threats? You can protect your business with Errors and Omissions Insurance, which has third-party cyber liability coverage to pay for data breach lawsuits. If a client's network is hacked through an I-o-T exposure, phishing attack, or zero-day vulnerability, your insurance can cover your legal expenses and court-ordered damages.
Many IT professionals need E&O coverage before they are even able to sign a contract with a client. For free insurance quotes, complete our online insurance form, and one of our IT insurance experts will help you out.