
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)

Have you ever thought about the perils of smart home devices? In this presentation we discuss the Internet of Things (IoT) and the concept of Bring Your Own Device (BYOD), and the security challenges and risks they can pose to companies, systems, and ultimately to the mainframe.

Delivering the best in z services, software, hardware and training.
Hack All The Way Through from Fridge To Mainframe
World Leading z Security Specialists
AGENDA
• Introduction and Objectives
• IOT
• BYOD
• Exposing the mainframe
• What to do
• Summary and Conclusions
Who am I? A quick introduction…
RUI MIGUEL FEIO
• Senior Technical Lead at RSM Partners
• Based in the UK but travels all over the world
• 20 years' experience working with mainframes
• Started with IBM as an MVS Sys Programmer
• Specialist in mainframe security
The Internet of Things
IoT – What is it?
• IoT stands for Internet of Things
• Term used to describe physical objects that
can communicate with each other and
complete tasks without any human
involvement.
• Examples:
– Vehicles, appliances, buildings, …
– Any item embedded with electronics,
software, sensors, and network
connectivity
IoT – Some numbers
• A study conducted by Gartner says:
– More than 4.9 billion IoT
connected devices in 2015
– 6.4 billion IoT connected devices
in 2016
– More than 20 billion IoT
connected devices in 2020
• A CISCO report predicts there will be
50 billion IoT connected devices in
2020!
IoT – It’s here to stay
IoT – The problem
• Trendy, fashionable devices are produced to appeal to technically
savvy consumers
• But the manufacturers of IoT devices tend not to have security in
mind
• Some devices, like routers, have their firmware customised by the
Internet Service Providers (ISP), who:
– Don’t allow firmware updates directly from the manufacturer
– Don’t provide customised updated versions of the firmware
IoT – This leads to…
IoT – And to…
IoT – And of course to…
IoT – Some numbers…
IoT and Cyber Crime
• HP study reveals 70% of IoT devices are vulnerable to attacks
• Cyber criminals are working on new techniques for getting through
the security of established organisations focusing on IoT:
– Home appliances
– Office equipment
– Smart devices
• IoT devices are easier to hack as they don’t have robust security
measures
IoT – How to hack?
• There are several resources available on the internet and dark web:
– Web sites
– Blogs
– Forums
– Software tools
– Scripts
– Vulnerabilities
– Specialised search engines
Shodan – The IoT Search Engine
https://www.shodan.io/
Shodan – An Example
IoT - The Head of US intelligence
IoT – The NSA Chief of TAO
IoT – “1984”, George Orwell
IoT – The Risk
• Your home network can be compromised by one of your own IoT
devices
• How secure are your IoT devices?
• How frequently do you update the firmware and software of the
devices?
• Are the IoT devices still supported by the manufacturer?
• You connect from home to your company’s network
• What will happen if your home network is compromised?
• How long will it take for a hacker to exploit this security flaw?
IoT – The Risk @ Home
Bring Your Own Device
BYOD – What is it?
• BYOD stands for Bring Your Own
Device
• It’s becoming the standard which
allows employees to use their own
personal devices to access the
company’s network remotely, either
from their home location or from the
workplace
• Seen by companies as a way to reduce
costs
BYOD – Some numbers
• 59% of companies allow employees to use their own devices at
work, and another 13% plan to in the near future. (study from Tech
Pro Research)
• 87% of companies allow employees to use personal devices to
access business apps (study from Syntonic)
• A company can save an average of $350 per year for each
employee using their own devices (study from CISCO)
BYOD – The problem
• There are a large number of security risks:
– As the device is owned by the employee, it is also used for their
own personal use
– The organisation has limited control over the BYOD devices and
how they are used
– If the BYOD device becomes infected or compromised, the
attacker could use this as a platform to attack the company’s
network
BYOD – The problem
• There are a large number of security risks:
– Employees failing to complete security updates
– Employees using unsecured Wi-Fi connections
– Employee turnover
– Employees losing their devices
BYOD – This leads to…
BYOD – And to…
BYOD and Cyber Crime
• In the UK, in a document entitled “10 Steps to Cyber Security”, the
GCHQ has advised businesses to consider banning bring your own
device (BYOD) because staff represent the “weakest link in the
security chain”
• Approximately 22% of the total number of mobile devices produced
will be lost or stolen during their lifetime, and over 50% of these
will never be recovered
• According to Kaspersky, 98% of identified mobile malware targets
the Android platform, and the number of variants of malware for
Android grew 163% in a single year
BYOD – The Risk
• A 2016 Ponemon Institute study reports:
– Negligent employees are seen as the greatest source of
endpoint risk
• Increased number of BYOD devices connected to the
network (including mobile devices)
• Use of commercial cloud applications in the workplace
• Security management control tasks become less efficient and more
difficult to implement, ‘creating holes’ that can be exploited by
hackers
Exposing the Mainframe
IoT & BYOD vs The Mainframe
• Remember: the mainframe is just another platform residing in the
company’s network
• If the network is compromised the mainframe can be directly or
indirectly affected
• Using BYOD creates challenges to the company’s security team that
can be difficult to tackle
• You may think that your home network is secure; you update your
laptop with the latest security patches, antivirus and firewall
definitions, but… have you ever considered the IoT devices?
What to do?
What can be done?
• Manufacturers of IoT devices need to start focusing more on
security
• Governments must take lead in IoT security
• Companies and individuals need to be more security conscious and
consider the implications of BYOD and IoT
• Reducing costs in the short term can lead to great financial losses
in the medium and long term for everyone
What can be done?
• Strong security policies and rules need to be in place to ensure that
any BYOD device is security compliant
• Employees need to be educated about the risks and challenges of
both IoT and BYOD
• Managers and directors also need to be educated!! Saving money
now can be very costly in the future
• Have you ever imagined how a company’s image would be
affected if its IT security had been breached using a…
What if…
• A hacker compromises your IOT device…
• Your Fridge!!
• They have access to your WiFi network
• They are scanning your network and see your work laptop connected
• They manage to compromise your laptop
• You VPN into your corporate network
• They port scan and find telnet listening on port 23 for a DNS entry
called zOSProd
• And they just happen to know what z/OS is or they google zOSProd
or zOS TELNET
• Start reading and enjoy!!!
• I don't believe in scaring people, but this could happen!
Being more specific
• Evaluate device usage scenarios and investigate leading practices to
mitigate each risk scenario
• Invest in a mobile device management (MDM) solution to enforce
policies and monitor usage and access
• Enforce industry standard security policies as a minimum
• Set a security baseline
• Differentiate trusted and untrusted device access
• Introduce more stringent authentication and access controls for
critical business apps.
• Add mobile device risk to the organisation’s awareness program
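The controls listed above, applied to the "What if…" scenario, as an added example that is not part of the original slides: a small policy check over remote-access flows that separates trusted from untrusted devices and flags cleartext TELNET to a critical host. The device inventory, the VPN address range, the address given to zOSProd and the flow records are all constructed for illustration.

```python
"""Added example: classify VPN flows by device trust and flag risky access.

Every device, address and flow record below is constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory, in the shape an MDM export might provide.
DEVICES = {
    "10.8.0.11": {"owner": "alice", "managed": True,  "patched": True},
    "10.8.0.12": {"owner": "bob",   "managed": False, "patched": True},   # BYOD
    "10.8.0.13": {"owner": "carol", "managed": True,  "patched": False},
}

VPN_POOL = ip_network("10.8.0.0/24")        # assumed VPN client range
CRITICAL_HOSTS = {"10.20.0.5": "zOSProd"}   # assumed address for the host named in the slides
CLEARTEXT_PORTS = {23: "telnet"}            # port 23, as in the scenario


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def device_trust(src):
    """Return 'trusted', 'untrusted' or 'unknown' for a VPN source address."""
    dev = DEVICES.get(src)
    if dev is None:
        return "unknown"                    # not enrolled at all
    # Security baseline: the device must be managed AND up to date.
    return "trusted" if dev["managed"] and dev["patched"] else "untrusted"


def evaluate(flow):
    """Return the policy findings for one flow (empty list means allowed)."""
    findings = []
    if ip_address(flow.src) not in VPN_POOL:
        return findings                     # only remote-access traffic is in scope
    host = CRITICAL_HOSTS.get(flow.dst)
    if host is None:
        return findings                     # stricter rules apply to critical hosts only
    trust = device_trust(flow.src)
    if trust != "trusted":
        findings.append(f"{trust} device reaching critical host {host}")
    if flow.dport in CLEARTEXT_PORTS:
        # Flagged even for trusted devices: credentials cross the network unencrypted.
        findings.append(f"cleartext {CLEARTEXT_PORTS[flow.dport]} to {host}")
    return findings


def audit(flows):
    """Map each flagged flow to its list of findings."""
    return {f: r for f in flows if (r := evaluate(f))}


# Constructed flow records (source, destination, destination port).
FLOWS = [
    Flow("10.8.0.11", "10.20.0.5", 443),    # managed and patched, encrypted
    Flow("10.8.0.12", "10.20.0.5", 23),     # BYOD laptop using telnet
    Flow("10.8.0.13", "10.20.0.5", 443),    # managed but missing updates
    Flow("10.8.0.99", "10.20.0.5", 23),     # address not in the inventory
    Flow("10.8.0.12", "10.30.0.7", 443),    # BYOD to a non-critical host
    Flow("10.8.0.11", "10.20.0.5", 23),     # trusted device, cleartext protocol
]

if __name__ == "__main__":
    for flow, reasons in audit(FLOWS).items():
        print(f"{flow.src} -> {flow.dst}:{flow.dport}: " + "; ".join(reasons))
```
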
Summary and Conclusions
But remember… We have Users...
But remember… We have Users...
A clear example…
UK:
RSM House
Isidore Rd
Bromsgrove Enterprise Park
Bromsgrove
B60 3FQ
UK
T: +44 (0)1527 837767
E: info@rsmpartners.com
www.rsmpartners.com
US:
Suite 1600
222 So. 9th Street
Minneapolis MN 55402
US
T: +1 (612) 547-0089
E: info@rsmpartners.com
www.rsmpartners.com
Rui Miguel Feio
ruif@rsmpartners.com

What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
 
Q4 2023 Quarterly Investor Presentation - FINAL.pdf
Q4 2023 Quarterly Investor Presentation - FINAL.pdfQ4 2023 Quarterly Investor Presentation - FINAL.pdf
Q4 2023 Quarterly Investor Presentation - FINAL.pdf
 
Mastering Play Store App Listing and Optimization
Mastering Play Store App Listing and OptimizationMastering Play Store App Listing and Optimization
Mastering Play Store App Listing and Optimization
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
 
Sue Loth: Job Search Strategies using personal connections
Sue Loth: Job Search Strategies using personal connectionsSue Loth: Job Search Strategies using personal connections
Sue Loth: Job Search Strategies using personal connections
 
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
 
Why Disability Justice should be at the core of your digital accessibility jo...
Why Disability Justice should be at the core of your digital accessibility jo...Why Disability Justice should be at the core of your digital accessibility jo...
Why Disability Justice should be at the core of your digital accessibility jo...
 
Low Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & PitfallsLow Latency at Extreme Scale: Proven Practices & Pitfalls
Low Latency at Extreme Scale: Proven Practices & Pitfalls
 
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
Trending now: Book subjects on the move in the Canadian market - Tech Forum 2024
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
 
AMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes WebinarAMER Introduction to ThousandEyes Webinar
AMER Introduction to ThousandEyes Webinar
 
AI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptxAI-Plugins-Planners-Persona-SemanticKernel.pptx
AI-Plugins-Planners-Persona-SemanticKernel.pptx
 
PrismCRM-RealEstate-SalesCRM_byCode5Company
PrismCRM-RealEstate-SalesCRM_byCode5CompanyPrismCRM-RealEstate-SalesCRM_byCode5Company
PrismCRM-RealEstate-SalesCRM_byCode5Company
 
New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024New ThousandEyes Product Features and Release Highlights: February 2024
New ThousandEyes Product Features and Release Highlights: February 2024
 
software-quality-assurance question paper 2023
software-quality-assurance question paper 2023software-quality-assurance question paper 2023
software-quality-assurance question paper 2023
 
Geospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & EsriGeospatial Synergy: Amplifying Efficiency with FME & Esri
Geospatial Synergy: Amplifying Efficiency with FME & Esri
 

(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)

  • 1. Delivering the best in z services, software, hardware and training. Hack All The Way Through from Fridge To Mainframe. World Leading z Security Specialists
  • 2. AGENDA • Introduction and Objectives • IoT • BYOD • Exposing the mainframe • What to do • Summary and Conclusions
  • 3. Who am I? A quick introduction… RUI MIGUEL FEIO • Senior Technical Lead at RSM Partners • Based in the UK but travels all over the world • 20 years' experience working with mainframes • Started with IBM as an MVS Sys Programmer • Specialist in mainframe security
  • 5. IoT – What is it? • IoT stands for Internet of Things • Term used to describe physical objects that can communicate with each other and complete tasks without any human involvement having to take place. • Examples: – Vehicles, appliances, buildings, … – Any item embedded with electronics, software, sensors, and network connectivity
  • 6. IoT – Some numbers • A study conducted by Gartner says: – More than 4.9 billion IoT connected devices in 2015 – 6.4 billion IoT connected devices in 2016 – More than 20 billion IoT connected devices in 2020 • A CISCO report predicts there will be 50 billion IoT connected devices in 2020!
  • 7. IoT – It’s here to stay
  • 8. IoT – The problem • Trendy, fashionable devices are produced to appeal to technically savvy consumers • But the manufacturers of IoT devices tend not to have security in mind • Some devices, like routers, have the firmware customised by the Internet Service Providers (ISP), which: – Don’t allow firmware updates directly from the manufacturer – Don’t provide customised updated versions of the firmware
  • 9. IoT – This leads to…
  • 10. IoT – And to…
  • 11. IoT – And of course to…
  • 12. IoT – Some numbers…
  • 14. IoT and Cyber Crime • HP study reveals 70% of IoT devices are vulnerable to attacks • Cyber criminals are working on new techniques for getting through the security of established organisations focusing on IoT: – Home appliances – Office equipment – Smart devices • IoT devices are easier to hack as they don’t have robust security measures
  • 15. IoT – How to hack? • There are several resources available on the internet and dark web: – Web sites – Blogs – Forums – Software tools – Scripts – Vulnerabilities – Specialised search engines
  • 16. Shodan – The IoT Search Engine https://www.shodan.io/
  • 17. Shodan – An Example
  • 18. IoT - The Head of US intelligence
  • 19. IoT – The NSA Chief of TAO
  • 20. IoT – “1984”, George Orwell
  • 21. IoT – The Risk • Your home network can be compromised by one of your own IoT devices • How secure are your IoT devices? • How frequently do you update the firmware and software of the devices? • Are the IoT devices still supported by the manufacturer? • You connect from home to your company’s network • What will happen if your home network is compromised? • How long will it take for a hacker to exploit this security flaw?
  • 22. IoT – The Risk @ Home
  • 23. Bring Your Own Device
  • 24. BYOD – What is it? • BYOD stands for Bring Your Own Device • It’s becoming the standard which allows employees to use their own personal devices to access the company’s network remotely, either from their home location or from the workplace • Seen by companies as a way to reduce costs
  • 25. BYOD – Some numbers • 59% of companies allow employees to use their own devices at work, and another 13% plan to in the near future. (study from Tech Pro Research) • 87% of companies allow employees to use personal devices to access business apps (study from Syntonic) • A company can save an average of $350 per year for each employee using their own devices (study from CISCO)
  • 26. BYOD – The problem • There are a large number of security risks: – As the device is owned by the employee, it is also used for their own personal use – The organisation has limited control over the BYOD devices and how they are used – If the BYOD device becomes infected or compromised, the attacker could use this as a platform to attack the company’s network
  • 27. BYOD – The problem • There are a large number of security risks: – Employees failing to complete security updates – Employees using unsecured Wi-Fi connections – Employee turnover – Employees losing their devices
  • 28. BYOD – This leads to…
  • 29. BYOD – And to…
  • 30. BYOD and Cyber Crime • In the UK, in a document entitled “10 Steps to Cyber Security”, the GCHQ has advised businesses to consider banning bring your own device (BYOD) because staff represent the “weakest link in the security chain” • Approximately 22% of the total number of mobile devices produced will be lost or stolen during their lifetime, and over 50% of these will never be recovered • According to Kaspersky, 98% of identified mobile malware targets the Android platform, and the number of variants of malware for Android grew 163% in a single year
  • 31. BYOD – The Risk • A 2016 Ponemon Institute study reports: – Negligent employees are seen as the greatest source of endpoint risk • Increased number of BYOD devices connected to the network (including mobile devices) • Use of commercial cloud applications in the workplace • Security management control tasks become less efficient and more difficult to implement, ‘creating holes’ that can be exploited by hackers
  • 34. IoT & BYOD vs The Mainframe • Remember: the mainframe is just another platform residing in the company’s network • If the network is compromised the mainframe can be directly or indirectly affected • Using BYOD creates challenges to the company’s security team that can be difficult to tackle • You may think that your home network is secure; you update your laptop with the latest security patches, antivirus and firewall definitions, but… have you ever considered the IoT devices?
  • 36. What can be done? • Manufacturers of IoT devices need to start focusing more on security • Governments must take the lead in IoT security • Companies and individuals need to be more security conscious and consider the implications of BYOD and IoT • Reducing costs in the short term can lead to great financial losses in the medium and long term for everyone
  • 37. What can be done? • Strong security policies and rules need to be in place to ensure that any BYOD device is security compliant • Employees need to be educated about the risks and challenges of both IoT and BYOD • Managers and directors also need to be educated!! Saving money now can be very costly in the future • Have you ever imagined how a company’s image would be affected if its IT security had been breached using a…
  • 39. What if… • A hacker compromises your IoT device… • Your Fridge!! • They have access to your WiFi network • They are scanning your network and see your work laptop connected • They manage to compromise your laptop • You VPN into your corporate network • They port scan and find telnet listening on port 23 for a DNS entry called zOSProd • And they just happen to know what z/OS is, or they google zOSProd or zOS TELNET • Start reading and enjoy!!! • I don't believe in scaring people, but this could happen!
  • 40. Being more specific • Evaluate device usage scenarios and investigate leading practices to mitigate each risk scenario • Invest in a mobile device management (MDM) solution to enforce policies and monitor usage and access • Enforce industry standard security policies as a minimum • Set a security baseline • Differentiate trusted and untrusted device access • Introduce more stringent authentication and access controls for critical business apps • Add mobile device risk to the organisation’s awareness program
  • 42. But remember… We have Users...
  • 43. But remember… We have Users...
  • 45. Delivering the best in z services, software, hardware and training. UK: RSM House, Isidore Rd, Bromsgrove Enterprise Park, Bromsgrove B60 3FQ, UK. T: +44 (0)1527 837767 E: info@rsmpartners.com www.rsmpartners.com US: Suite 1600, 222 So. 9th Street, Minneapolis MN 55402, US. T: +1 (612) 547-0089 E: info@rsmpartners.com www.rsmpartners.com Rui Miguel Feio ruif@rsmpartners.com
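
Slide 40 recommends setting a security baseline, differentiating trusted from untrusted device access, and requiring more stringent authentication for critical business apps. The sketch below is an added example, not part of the original presentation, showing how those three rules combine into one access decision. The baseline checks, the 30-day patch window and the app name `zos-prod-tn3270` are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_PATCH_AGE_DAYS = 30                 # assumed baseline value
CRITICAL_APPS = {"zos-prod-tn3270"}     # hypothetical critical business app

@dataclass
class Device:
    owner: str
    mdm_enrolled: bool = False
    disk_encrypted: bool = False
    screen_lock: bool = False
    rooted: bool = True                 # unreported posture fails closed
    last_patched: Optional[date] = None # None = never reported

def baseline_failures(dev, today):
    """Return the baseline checks the device fails (empty list = compliant)."""
    checks = [
        (dev.mdm_enrolled, "not enrolled in MDM"),
        (dev.disk_encrypted, "storage not encrypted"),
        (dev.screen_lock, "no screen lock"),
        (not dev.rooted, "rooted/jailbroken or posture unknown"),
        (dev.last_patched is not None
         and (today - dev.last_patched).days <= MAX_PATCH_AGE_DAYS,
         "security updates overdue"),
    ]
    return [reason for ok, reason in checks if not ok]

def decide(dev, app, strong_auth, today):
    """Return (decision, reasons); decision is 'allow', 'limited' or 'deny'."""
    failures = baseline_failures(dev, today)
    if app in CRITICAL_APPS:
        if failures:                     # untrusted device: no critical access
            return "deny", failures
        if not strong_auth:
            return "deny", ["critical app requires stronger authentication"]
        return "allow", []
    # Non-critical apps: untrusted devices get restricted access, not full.
    return ("limited", failures) if failures else ("allow", [])

# Constructed sample devices (not from the slides).
TODAY = date(2024, 3, 1)
GOOD = Device("alice", True, True, True, False, date(2024, 2, 20))
STALE = Device("bob", True, True, True, False, date(2023, 12, 1))
UNKNOWN = Device("carol")               # nothing reported by the device

if __name__ == "__main__":
    for dev in (GOOD, STALE, UNKNOWN):
        print(dev.owner, decide(dev, "zos-prod-tn3270", True, TODAY))
```

A device that reports nothing is treated as failing every check, so an unmanaged personal device never reaches the critical app by default.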