This post originally appeared on the Louisiana Technology Park blog.
Benevolent hackers with IT cybersecurity firm EtherMon were able to remotely take control of several earth-moving excavators and drive them around via the internet during a recent risk assessment for a company with heavy industrial equipment.
EtherMon CEO Brandon Reeves says the exercise, which was authorized by the company, was a stark example of why businesses should develop robust cybersecurity programs as more devices become connected to the internet. He says that while the growth of connected devices and data can create business opportunities, it also presents vulnerabilities that many companies overlook until it’s too late. “That means that somebody can take advantage of it and use it for good or to harm you in some way — and we see that a lot,” Reeves says.
Reeves and David DeArmond, owner of business productivity and IT services firm Strix Louisiana, spoke about cybersecurity at a recent Tech Park Academy workshop at the Louisiana Technology Park. The two cybersecurity experts led a discussion of emerging cyber-risks for businesses and how companies can ensure they are protected.
The company with the vulnerable excavators is hardly unique. Reeves says his firm has a 97 percent success rate of gaining administrative access when conducting authorized penetration testing for large organizations.
“That means that we can control their systems from our office, our couch, Starbucks or anywhere else, and theoretically lock them out and take over their systems simply because there’s some lax technology or implementation,” he says. “It’s usually because somebody did some shortcut somewhere. Most technology is so hardened today that you shouldn’t be able to do this, but we see it time and time again.”
Reeves says that while companies tend to focus on their own employees and systems, third-party technology providers, such as Wi-Fi access points and internet-connected televisions, can present security threats that are frequently overlooked. “All of those things in some capacity pose some level of risk,” he says. “And what most people don’t realize is it’s their responsibility as a business to manage that risk.”