The Internet of Things or The Internet of Trouble?

Blog Date:  11/21/2016
Author:  Ray Coulombe
Category(s):  Cyber Security

While attending SIA’s October Securing New Ground Conference, I was asked to moderate a session on the Internet of Things. Not quite sure what that means? Well, do you have a pacemaker? How about a DVR? The Internet of Things (IoT) refers to the billions of connected devices in our world—some say up to 200 billion devices will be connected by 2020.

But what does this mean for our future? First, some new startups don’t think information stored on devices is as sensitive as information stored on standard computers, so security isn’t applied in the same ways. Also, investors don’t seem to care too much about security, as they’re more interested in the functionality of the product. This type of misguided thinking is what leads to major hacks and data breaches, because yes, all connected devices represent some sort of security vulnerability.

For starters, get used to hearing the term “DDoS” or a Distributed Denial of Service attack. This means that infected devices will be recruited as part of botnets that will shut down websites by receiving huge amounts of traffic. Any connected device is susceptible to this kind of attack.

While some efforts to address the security issues of these new devices are being initiated—like a labeling system for IoT devices that are approved and secure—millions (or billions) of devices will be deployed in an unsecure state.

So, do we ignore the potential opportunities and benefits that the IoT provides? It’s almost a moot point, as the train has already left the station.

Instead, security leaders should recognize the full potential threat environment faced by their customers by surveying the array of connected devices. Procedures for determining whether these devices should even be connected represent an important piece to protection, since the most innocuous IoT devices (e.g., a refrigerator) may pose the biggest risks. Secure security passwords should be mandated, even inherent, for all devices. And organizations should be sensitized to the threat and should commit to incorporating proper device deployment and configuration into their standard security operating procedures.

For those who develop and market connected devices, Rodney Thayer of Smithee, Spelvin, Agnew & Plinge offers, "Without sound engineering, the Internet of Things becomes the Internet of Trouble. It's not necessarily that we need new ideas, but we must address the gaps in practicing the engineering and deployment techniques we already know work. Vendors are cutting corners on software and protocol engineering, and at IoT-scale this can have disastrous results."


Resource Blogs

Most Recent Blogs Listed for Ray Coulombe.


Stay Safe! While Traveling This Summer

It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling. Here’s a few tips to staying safe all summer while traveling...
read more -->


Rethinking Cabling

Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->


Off the Beaten Path at ISC West

This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.

In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->


Cyber Crime Taking Down Cities

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->


A Few Thoughts on K-12 School Security

There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->