Another organization calls for IoT privacy regulation, more on Atlanta’s ransomware recovery and maritime companies have to get ship-shape
Welcome to Cyber Security Today. It’s Monday June 11th. To hear the podcast, click on the arrow below:
The rapid spread of Internet-connected devices could lead to the irreversible erosion of privacy unless governments and product manufacturers act. That’s one of the conclusions of a new report from the University of California’s Berkeley Center for Long-Term Cybersecurity and the Internet of Things Privacy Forum. People are losing the ability to monitor and control the data so-called smart connected devices are collecting about them, says the report. We often don’t realize what is done with our data by other companies. The risks are not always clear, particularly as companies can combine data from different sources to infer an individual’s habits, movements, and even emotions.
The report says governments should regulate the privacy effects of the Internet of Things before mass sensor data collection becomes widespread. In addition, makers of connected products and services give buyers more data control.
There’s a link to the centre’s report in a more detailed story of mine at ITWorldCanada.com
What’s the price of not being ready for a ransomware attack? Plenty. In March I told you about an attack on the city of Atlanta. Well, it’s still trying to recover, because backup systems for its data as well as its production systems were locked. Security Week reports that the IT department will need $9.5 million this year to fix the damage. That’s on top of $3 million already spent. The city’s legal department alone lost more than 70 of its 77 computers and 10 years of legal documents. The police lost its dash-cam recordings archive. The lesson here is computer users at home and business IT administrators have to ensure their backup data recovery system can’t be infected. One way is to segregate the backup from the live network. Home users should beware of having a backup drive always connected to their computer. Backups also need to be scanned for possible infection.
Finally, the maritime industry has been warned that ships at sea are just as vulnerable to hacking as homes and businesses on land. A British penetration company did a test showing how possible it is to hijack the satellite communications systems on commercial ships. Often the weakness is a password like “1234.” And if the ship’s satellite system can be hacked you might be able to get into the vessel’s internal network. From there, researchers said, it is possible to get into a poorly protected electronic chart system and make a crew member drive the ship off course. And they proved it is possible to get into a ship’s operational network, which controls the steering and engine. These flaws can be overcome by securely-designed systems. Ship security is in its infancy the report concludes. Most of the problems found were fixed years ago in mainstream IT systems. So it’s time to get ship-shape.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.