Connected Storage: the forgotten threat of IoT

Apr 05, 2018

When we talk about the security risks of IoT, we think of smart devices, driverless cars and PLCs. We don’t often think about Connected Storage; in fact, many people are not even familiar with the term.

What is Connected Storage?

When we talk about Connected Storage, we have in mind the devices that make information centrally accessible amongst a given network of people. In the most general sense it is a server. In a specific sense it has several guises: cloud storage, personal NAS drives and databases.

It is no surprise that these types of devices are proliferating. Nowadays businesses cannot succeed unless they are able to share information widely and rapidly. But this constant flow of information introduces numerous cybersecurity risks. 

What are the risks of Connected Storage?

The risks of IoT are more obvious: threat actors could gain control of a power plant to plan an electricity outage or a nuclear meltdown; a criminal could hack into a smart car in order to carry out a break-in. 

The risks of Connected Storage are less clear. The first concern is that it presents a security risk in itself because it enables sharing. This constant flow of information introduces numerous opportunities for precious data to escape and be used against its owner. It’s not just the hacker lurking on the Dark Web who poses a risk to our information security; it is also the supplier who saves sensitive documents on an unsecured company server, or the consultant working from home who unwittingly backs up files onto a personal NAS drive.

The second concern with Connected Storage is that it is not always secure. In addition to the traditional venues for data leaks, such as the Deep and Dark webs, CybelAngel also scans Connected Storage. We do this because we know that threat actors are already looking there. We have found sensitive documents (blueprints, NDAs, PII) on unprotected Connected Storage. In some cases we have also witnessed such documents being traded on the Dark Web, covered in articles by investigative journalists, or used to plan cyber attacks (which our customers were thankfully able to avoid because we were able to warn them).

The role of Connected Storage in negligence

In general, the discussion around the security risk of IoT is one that attracts a lot of alarm and few solutions. Connected Storage is an aspect of IoT that is often forgotten, despite the fact that it presents just as serious a security risk as industrial automation and smart devices.

The landscape of cybersecurity is changing. The industry needs to recognize the threat of negligence alongside malevolence, and provide solutions to detect it. This means broadening the concept of “company infrastructure” beyond the internal perimeter, to encompass the Internet of Things. This means acknowledging the risk that Connected Storage poses to the security community, and doing something about it.