Webinar: IoT Devices Expanding Digital Footprints, Security Issues

We’ve seen a lot of discussion about the collective threat of the Internet-of-Things, ever since malicious actors proved in October 2016 that they could disrupt whole chunks of the Internet by stringing to together thousands of compromised smart devices and pointing them all at a single target.

The distributed denial-of-service (DDoS) attack against DNS provider Dyn led to a number of popular websites being unavailable throughout the U.S. and elsewhere, including Twitter, Netflix, Reddit, CNN, The New York Times, and many more. There have been other IoT-powered DDoS attacks, both before and after the Dyn attack, but that incident served as a the tipping point in many ways. For years security researchers had been warning of the poor security around insecure Internet-connected devices — from baby monitors to televisions to thermostats to vehicles — and the Dyn attack was the culmination of so many small insecurities being leveraged by malicious actors in a big way.

As I’ve written before, the core pillars of cyber threats are capability, intent, and opportunity. The billions of IoT devices making their way into homes and businesses provide an ample amount of opportunity for attackers, and it was only a matter of time before they exploited that opportunity.

Register for SurfWatch Labs’ webinar:
IoT Devices Expanding Your Level or Presence (and Your Digitital Risk Footprint)
Tuesday, March 28  
1:00 – 2:00 PM (ET)

IoT devices have potentially become the largest digital footprint NOT under proper security management. In addition, many reports have projected the number of Internet-connected devices to double or even triple within the next four years. It’s a concern for businesses, particularly since the devices often lack even basic cybersecurity features, but the issues stemming from IoT devices are not new or unique.

The security community has seen similar developments over the past 15 years, as I noted in my recent Security Week column, including Virtual Machines becoming the go-to technology in the early 2000s and BYOD beginning to be adopted later in the decade. In both cases, the digital footprints of organizations expanded, and security strategies had to evolve to match those risks. A similar effort needs to be taken in the face of IoT threats.

Take a look at this chart our threat analysts put together highlighting some of the top trending targets associated with IoT cyber threats over the past year. SurfWatch Labs has collected data on everything from cameras, routers and wearable devices to numerous “Other” tags such as home security systems, printers, light bulbs, and more.

SurfWatch Labs has collected data on dozens of different types of IoT devices that can be exploited by malicious actors.

And there continues to be more developments on the IoT front. Over just the past few weeks we’ve seen:

  • CIA exploits tied to smart devices, such as WikiLeaks’ claim that Samsung TVs can be placed in a “fake-off” mode and used as a bug to spy on targets.
  • The discovery of Imeij, a new IoT malware that exploits a vulnerability in devices from AVTech, a surveillance technology company,
  • New reported breaches related to IoT devices, such as CloudPets line of Internet-connected toys, on the heels of a study that revealed 84% of companies have already experienced some sort of IoT breach.

This is a problem that is likely going to get worse in the near future as more of these types of threats move from the periphery of the cybercrime conversation into center stage.

For more information on this threat join Kristi Horton, Senior Risk Analyst with Gate 15 & Real Estate ISAC, and myself, Chief Security Strategist with SurfWatch Labs, for an upcoming discussion around IOT device risks, trends, and best practices for pulling these devices under better control.

Register: IoT Devices Expanding Your Level or Presence (and Your Digitital Risk Footprint)

Author: Adam Meyer

Adam Meyer has served in leadership positions in the defense, technology, and critical infrastructure sectors for more than 15 years. Prior to joining SurfWatch Labs, Mr. Meyer was the Chief Information Security Officer (CISO) for the Washington Metropolitan Area Transit Authority, one of the largest public transportation systems in the United States. Preceding his role as a CISO, Mr. Meyer served as the Director of Information Assurance and Command IA Program Manager for the Naval Air Warfare Center, Naval Air Systems Command one of the Navy's premier engineering and acquisition commands.

One thought on “Webinar: IoT Devices Expanding Digital Footprints, Security Issues

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s