Definitely Worth Reading if You Have Company Devices Connected to the Internet
Have you ever heard of Google? Of course you have. That’s how you find things on the internet, right?
Have you ever heard of Shodan? The odds are excellent that you haven’t.
Shodan is a search engine that crawls the web 24 hours a day, and it looks for all the other “stuff” that’s connected to the internet – network routers, servers, cameras, printers, you name it. It collects information on over 500 million devices that use the internet to communicate with something else. So, everything from refrigerators to print servers to traffic lights to sewage pump plants to home security systems to company networks.
Cyber-security experts at Shodan have discovered a stunning amount of these things accessible from any computer on the internet have “admin” as their user name login, and something simple like “1234” or “Password1” as their password. Even things like the traffic grid of a large city in the US, or the digital document network of a large manufacturing company in Germany. Not to mention thousands of security systems for private homes and small companies. All there for someone with mischievous or criminal intent to do what they want with these systems.
Fortunately, Shodan is run by good guys, people who set it up as a utility for internet security. Unfortunately, any bad guy has access to platforms like Shodan that are connected by or through botnets, which can do the same things as Shodan, and also do those things without detection.
Why are all these things so readily available on the internet? Because it’s easier than connecting the device or the platform directly in a closed, secure environment. And, the person doing the connecting, whether it’s an IT professional or someone running their own company, believes in the premise of “security through obscurity”. That is, no one will be able to find it among all the billions of other data points on the internet, so therefore it’s pretty safe.
It isn’t, of course.
If you recognize yourself or your company when you read this, this is your heads-up. If you’re not going to take the time to connect something directly, at least give that device or platform the most secure user name and password combination you can think of. Any combination can be cracked, but hackers generally move on if something is taking too long. There are too many other easy targets. It’s like the analogy of ten houses on a street in an expensive neighborhood. One of the houses has two gigantic, snarling Rottweilers in it, which can be seen through the windows. Is a would-be burglar going to try that house first? No, he’s not. He’s going to try those other nine houses first, before trying to get past those big dogs.
Use a good user name/password combination. If you have an IT person for your business, ask them how good the security is around anything connected through the internet. Ask them about passwords. Ask them about the cost and/or the hassle of connecting directly, or at least though an encrypted connection.
Don’t be a victim, make someone work to breach your system.