AI and the cyber security risks of connected catering equipment
The FEA warns that new AI enhanced hacking tools underline importance of cybersecurity and urge companies to be vigilant
The Foodservice Equipment Association (FEA) is urging companies to be vigilant and take actions to reduce the increased threat to cybersecurity caused by AI.
There’s been a big push for kitchen connectivity in recent years, with manufacturers, dealers and, increasingly, foodservice operators understanding the enormous benefits it can bring, for example in terms of improved performance and reliability of equipment. However, AI has become one of the hot topics of late with the emergence of tools like ChatGPT and systems that can generate audio and video.
With indications that these are being used by criminals to hack networks and systems, FEA is urging companies to be vigilant and take actions to ensure any equipment using network connectivity remains secure.
This issue is something many companies have been engaging with following the introduction of the Product Security and Telecommunications Infrastructure Act in April this year. This requires connectable products to comply with baseline security requirements, including banning universal default and easily guessable passwords, publishing information on how to report security issues and minimising security update periods. Many countries around the world have legislation requiring companies and organisations to report security breaches within a required timescale. In the UK significant data breaches have to be reported within certain periods of time depending on the type of data breach. Companies who operate internationally should be aware that the time period may be different for different countries and need to be aware of country specific legislative requirements.
While these measures will undoubtedly help to improve information security, the emergence of AI tools could give hackers potential advantages as they continue to try and find ways to compromise computer systems.
Figures show that cyberattacks have increased dramatically over the past year, and the availability of AI tools is likely to be one of the causes behind this. The ability to automate scanning networks for vulnerabilities in the code as well as identifying staff accounts to target for attempts at compromising passwords makes it far easier to cast a wider net.
Despite these new methods, the main vector for gaining access to secure networks is still down to users interacting with phishing emails and text messages or malicious links in websites. Regular staff training and frequent reminders about best practice should form a key part of a company’s cybersecurity policy alongside ensuring adequate security systems are in place. This is particularly important considering the difficulty of tracing and identifying anyone compromising your systems, let alone prosecuting them. The priority for cybersecurity procedures should remain focused on maintaining the integrity of your networks, as well as ensuring you are able to trace where and how any breaches occur to fix them as quickly as possible.
“Hackers have always been very good at locating and exploiting vulnerabilities in computer systems,” says Andy Threlfall, Technical and Policy Director of FEA. “The emergence of AI technology in recent years can allow them to discover weaknesses far more quickly, underlining the importance of keeping systems updated and patched as well as providing staff with regular training to make sure they are aware of and working to best practice when using networked systems.”
You may also be interested in…
