Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

IoT Devices Expanding Your Digital Footprint


Published on

Network-enabled or "smart" IOT devices are commonplace these days, with commercial and residential buildings having smart light bulbs, smart locks, DVRs, security cameras and more. The potential of having multiple devices per building potentially translates into the largest digital footprint that is NOT under proper security management.

Published in: Technology
  • Be the first to comment

IoT Devices Expanding Your Digital Footprint

  1. 1. IOT Devices Expanding Your Level of Presence (and Your Digital Risk Footprint)
  2. 2. Today’s Speakers Adam Meyer Chief Security Strategist SurfWatch Labs 2 Kristi Horton Chief Security Strategist Gate 15 & Real Estate ISAC
  3. 3. Understanding the IoT Security Challenge 3 • Network-enabled or "smart" IOT devices are commonplace • The potential of having numerous devices per building potentially translates into the largest digital footprint that is NOT under proper security management
  4. 4. Classes of IoT Devices Operational Technology • Home and Building Automation: Remote management, smart appliances • Smart Energy: Climate control, smart meters, smart plugs, smart light bulbs • Security and Safety: Cameras, doors, etc. • Multimedia: Smart TVs, DVRs, voice automation (i.e. Alexa, Echo, Siri), etc. • Industrial Infrastructure Information Technology • Mobile Devices: iPads, iPhones, Android phones and tablets • Wearables: Activity trackers, heart rate, breathing rate, Smart watches 4
  5. 5. The Age of the “Smart” Building 5 • The more IoT-enabled devices and the greater the interconnectivity between various building systems, the more detailed and sensitive the data that will be captured. • According to IDC forecasts, 40 percent of the information in the digital universe requires some level of protection, but only half of that data is protected.
  6. 6. Your Expanding Digital Footprint I.e. LED lighting, HVAC and physical security systems, will take the lead as connectivity is driven into higher-volume, lower cost devices 6 I.e. Smart meters and specific industry devices such as manufacturing field devices, process sensors for electrical generating plants and real-time location devices for healthcare
  7. 7. Trending IoT Targets From the Last Year 7
  8. 8. IoT Threat Examples 8 Chinese Hacking of US Chamber of Commerce includes IoT Devices - Reported in Dec 2011 • Chamber of Commerce thermostat was communicating with a computer in China • Another time, chamber employees were surprised to see one of their printers printing in Chinese
  9. 9. IoT Threat Examples 9 Rise of the IoT Botnets • Proliferation of devices • DDoS attacks • Ease of weaponization – ala Mirai, which weaponizes vulnerable IoT devices Distribution of Mirai Botnet in October attack
  10. 10. IoT Botnets Driving a Surge in Service Interruption 10 The percent of negative CyberFacts related to “service interruption” surged in the fourth quarter of 2016 due to attacks and concern around Mirai and other IoT-powered botnets.
  11. 11. Latest IoT Threat 11 Imeij IoT Malware Targets AVTech Devices • ELF_IMEIJ.A, aka Imeij leverages the RFI exploit • Targets Linux-based ARM devices and gathers info on the infected device, sends it to a remote server and launches DDoS attacks on demand • Botnet operators can also clean the device and remove the malware • 130,000+ AVTech devices currently exposed online
  12. 12. What’s Next for IoT Threats? 12 The Security Challenge Will Only Increase as More IoT Devices are Used • Many organizations don’t have a good handle on their level of presence - DDoS attacks will continue until they become less successful (Cybercriminals follow the path of least resistance and most money) - Cybercriminals are always looking for new opportunities • As-a-service attack capabilities for sale on the Dark Web right now
  13. 13. What You Should Do to Reduce Your Uncontrolled IoT Footprint 13 Designate Clear Ownership and Accountability • Who owns IoT devices? - Single owner? - Shared owner via more agile DevOps model? • Who else should be involved in management of these devices? - IT? - Security? - Facilities?
  14. 14. What You Should Do to Reduce Your Uncontrolled IoT Footprint 14 Define and Enforce IoT Management Policies • Treat “smart” devices (i.e. smart light bulb) as an IT asset that is networked • Define and enforce what data needs to be kept secure and the devices that interact, use or store that data • Segment your network to minimize impact of a breach and for resiliency purposes - Think about the payload delivery of malware (opportunity) – path of least resistance to achieve a level of presence - Adversaries gain access in a non-vital zone and pivot into a vital zone
  15. 15. What You Should Do to Reduce Your Uncontrolled IoT Footprint 15 Things You Can Do Now … So You’re Not Overwhelmed Later • Take stock of your software and devices • Leverage security solutions that can: - Monitor network protocols and Internet traffic for threats - Proactively detect malware at the endpoint • Stay current and aware of relevant cyber threats within this technology area and ensure you have visibility of risks within your digital supply chain and your business • Incorporate IoT security risks into your incident response and legal processes
  16. 16. Q&A and Additional SurfWatch Labs Resources 16 SurfWatch Cyber Advisor: SurfWatch Threat Analyst: Dark Web Intelligence: Personalized SurfWatch Demo: Strategic and Operational Threat Intelligence