The internet of things is here, and ever-expanding. Most see objects like cars and fridges that can send and receive data as cause for celebration. But few pay attention to the fact that these connected devices can be used for surreptitious surveillance, warned global cybersecurity expert Ray Boisvert.
“Our cars are spying on us. They have so much info about our personal habits and location. Who has access to it?” asked Mr. Boisvert, former assistant director at the Canadian Security Intelligence Service and now President and CEO of I-Sec Integrated Strategies. “There is no security perimeter,” he warned an audience of more than 100 business, academic and community leaders attending a cybersecurity talk on May 12, co-hosted by Simon Fraser University’s Public Square and Universities Canada.
The first hijacking of smart appliances has already happened, said Mr. Boisvert, citing the case of five million stoves and fridges that were hacked in a cyberattack against an unnamed organization. He warned that these types of attacks will multiply as the public’s appetite for connected devices increases.
“Will we see vehicles used as vectors in the next attack? Absolutely,” said Mr. Boisvert, explaining that as more people are stuck in gridlock, the more they’ll want the ability to check email, increasing the demand for connected cars.
Up until recently, cyberattacks focused on point-of-sale vectors such as retail outlets. But with higher value placed on personal information and intellectual property, institutions like health-care organizations and universities are now the favoured targets. “On the Dark Web, the most valuable commodity is personal identifiable information (PII). The richer and deeper the PII, the bigger the value is.”
But most organizations don’t know how large their actual network is and how they can protect it, giving an advantage to predators. The average “dwell time” for predators to go undetected on an organization’s network is 229 days, said Mr. Boisvert.
When Mr. Boisvert asked the audience how many of their organizations have fire drills, the majority of hands rose. “How many organizations practice cyber-breach drills?” Very few hands rose. “Yet, which is more likely, a fire at your place of work or a cyber intrusion?” he enquired.
He said cyber threats are not just the problem of an IT or HR department – they need to be dealt with at institutional level. “Everyone has a role to play, it’s not just the CIO’s (chief information officer’s) job,” said Mr. Boisvert. “We all need to pay attention.”
Mr. Boisvert’s recommendation for what organizations can to do to protect themselves can be viewed in its entirety on the Universities Canada’s Facebook video page.
The talk was part of Mindshare, a new speaker series hosted by universities across Canada in 2016 designed to promote fresh thinking and compelling conversations on policy issues critical to Canada’s future.
In April, a Mindshare event at the University of Alberta featured four national and international experts on the future of energy systems. The next talk is on June 17 featuring the Honourable Frank Iacobucci, former Supreme Court Justice and the lead negotiator for the Indian Residential Schools Settlement Agreement.
Future events will feature topics such as mobility and migration, water security, and the new Atlantic economy. The talks will be live-streamed on Facebook and live-tweeted under #Mindshare2016. For more information, visit www.univcan.ca/mindshare.