Hackers will try any point of entry they can find to access private data. In a recent interview with Techonomy, RSA Security’s Art Coviello said that the number of vulnerable access points—or what he calls the “attack surface”—is growing rapidly, with the number of digitally controlled devices connected to the Internet expected to reach 200 billion by the end of this decade. The New York Times reports that hackers recently breached the computer networks of a large oil company by implanting malware in the online menu of a Chinese restaurant favored by the company’s employees.
With increasingly sophisticated hackers targeting a proliferating volume of corporate data, our pervasive connectivity—through everything from heating and cooling systems to accounting software and even vending machines—presents a constant challenge to security experts. A tiny chink in a company’s data-security armor—often through a third-party system, as in the Chinese menu case—can give hackers a huge level of access. “We constantly run into situations where outside service providers connected remotely have the keys to the castle,” Vincent Berk, chief executive at network security firm FlowTraq, told the Times. Negligence and a failure to stay up-to-date lie at the core of such vulnerabilities. Hackers target companies that run older software and fail to update the default security settings on mundane devices like videoconferencing equipment and printers.