Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

IOT & BYOD – The New Security Risks (v1.1)

425 views

Published on

In a world ever more connected to the internet, Security should be paramount. However, to keep pace with the new trends and technologies, companies and individuals, overlook the importance of security and the risks this poses.

In this presentation we discuss the Internet of Things (IoT) and the concept of Bring Your Own Device (BYOD) and the security challenges and risks they can be to companies, systems, and ultimately to the mainframe.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

IOT & BYOD – The New Security Risks (v1.1)

  1. 1. Delivering the best in z services, so2ware, hardware and training. Delivering the best in z services, so2ware, hardware and training. World Class z Specialists IoT & BYOD - The New Security Risks Rui Miguel Feio – Security Lead
  2. 2. Agenda •  Introduc:on •  The Internet Of Things (IoT) •  Bring Your Own Device (BYOD) •  Exposing the Mainframe •  On a nice Sunday morning… •  What to Do? •  References and Resources •  Ques:ons?
  3. 3. Introduc:on - Rui Feio –  Security lead at RSM Partners –  Been working with mainframes for the past 17 years –  Started as an MVS Systems Programmer with IBM –  Specialises in mainframe security –  Experience in non-mainframe plaUorms as well –  Been given presenta:ons all over the world
  4. 4. The Internet of Things
  5. 5. IoT – What is it? –  IoT stands for Internet of Things –  Term used to describe physical objects that can communicate with each other and complete tasks without any human involvement having to take place. –  Examples: •  Vehicles, appliances, buildings, … •  Any item embedded with electronics, so2ware, sensors, and network connec:vity
  6. 6. IoT – Some numbers •  A study conduct by the Gartner says: –  More than 4.9 billion IoT connected devices in 2015 –  6.4 billion IoT connected devices in 2016 –  More than 20 billion IoT connected devices in 2020 •  A CISCO report predicts there will be 50 billion IoT connected devices in 2020!
  7. 7. IoT – It’s here to stay
  8. 8. IoT – The problem •  Trendy fashionable devices are produced to appeal to the technical savvy consumers •  But the manufacturers of IoT devices tend not to have security in mind •  Some devices like routers, have the firmware customised by the Internet Service Providers (ISP): –  Don’t allow firmware updates directly from the manufacturer –  Don’t provide customised updated versions of the firmware
  9. 9. IoT – This leads to…
  10. 10. IoT – And to…
  11. 11. IoT – And even to…
  12. 12. IoT and Cyber Crime •  HP study reveals 70% of IoT devices are vulnerable to afacks •  Cyber criminals are working on new techniques for gehng through the security of established organisa:ons focusing on IoT: –  Home appliances –  Office equipment –  Smart devices •  IoT devices are easier to hack as they don’t have robust security measures
  13. 13. IoT – How to hack? •  There are several resources available in the internet and dark web: –  Web sites –  Blogs –  Forums –  So2ware tools –  Scripts –  Vulnerabili:es –  Specialised search engines
  14. 14. Shodan – The IoT Search Engine hAps://www.shodan.io/
  15. 15. Shodan – An Example
  16. 16. IoT - The Head of US intelligence
  17. 17. IoT – The NSA Chief of TAO
  18. 18. IoT – The Risk •  Your home network can be compromised by one of your own IoT devices •  How secure are your IoT devices? •  How frequently do you update the firmware and so2ware of the devices? •  Are the IoT devices s:ll supported by the manufacturer? •  You connect from home to your company’s network •  What will it happen if your home network is compromised? •  How long will it take for a hacker to exploit this security flaw?
  19. 19. IoT – The Risk @ Home
  20. 20. Bring Your Own Device
  21. 21. BYOD – What is it? •  BYOD stands for Bring Your Own Device •  It’s becoming the standard which allows employees to use their own personal devices to access the company’s network remotely, either from their home loca:on or from the workplace •  Seen by companies as a way to reduce costs
  22. 22. BYOD – Some numbers A study from Gartner: •  38% of US CIOs were expected to support BYOD by the end of 2012 •  82% of surveyed companies in 2013 allowed some or all workers to use employee-owned devices •  By 2017 half of all employers will u:lise BYOD devices to reduce costs and increase usability in the work place.
  23. 23. BYOD – The problem •  There are a large number of security risks: –  As the device is owned by the employee, it is also used for their own personal use –  The organisa:on has limited control over the BYOD devices and how they are used –  If the BYOD device becomes infected or compromised, the afacker could use this as a plaUorm to afack the company’s network
  24. 24. BYOD – This leads to…
  25. 25. BYOD – And to…
  26. 26. BYOD and Cyber Crime •  In the UK in a document en:tled ”10 Steps to Cyber Security” the GCHQ has advised businesses to consider banning bring your own device (BYOD) because staff represent the "weakest link in the security chain” •  Approximately 22% of the total number of mobile devices produced will be lost or stolen during their life:me, and over 50% of these will never be recovered •  According to Kaspersky, 98% of iden:fied mobile malware target the Android plaUorm, and the number of variants of malware for Androids grew 163% in 2012 compared with 2011.
  27. 27. BYOD – The Risk •  A 2015 Ponemon Ins:tute study reports: –  Negligent employees are seen as the greatest source of endpoint risk •  Increased number of BYOD devices connected to the network (including mobile devices) •  Use of commercial cloud applica:ons in the workplace •  Security management control tasks become less efficient and more difficult to implement, ‘crea:ng holes’ that can be exploited by hackers
  28. 28. BYOD – The Risk of Mobile devices
  29. 29. Exposing the Mainframe
  30. 30. IoT & BYOD vs The Mainframe •  Remember: the mainframe is just another plaUorm residing in the company’s network •  If the network is compromised the mainframe can be directly or indirectly affected •  Using BYOD creates challenges to the company’s security team that can be difficult to tackle •  You may think that your home network is secure; you update your laptop with the latest security patches, an:virus and firewall defini:ons, but… have you ever considered the IoT devices?
  31. 31. On a nice Sunday Morning…
  32. 32. On a nice Sunday morning…
  33. 33. On its TV screen facing the street
  34. 34. What to do?
  35. 35. What can be done? •  Manufacturers of IoT devices need to start focusing more on security •  Governments must take lead in IoT security •  Is an IoT watchdog needed? •  Companies and individuals need to be more security conscious and consider the implica:ons of BYOD and IoT •  Reducing costs on the short term can lead to great financial losses in the medium and long term for everyone
  36. 36. What can be done? •  Strong security policies and rules need to be in place to ensure that any BYOD device is security compliant •  Employees need to be educated about the risks and challenges of both IoT and BYOD •  Managers and directors also need to be educated!! Money saving now, can be a very costly thing in the future •  Have you ever imagined how a company’s image would be affected if it’s IT security had been breached using a…....
  37. 37. What if….. •  A hacker compromises your IOT device…. •  Your Fridge!! •  They have access to your WiFi network •  The are scanning your network and see your work laptop connected •  They manage to compromise your laptop •  You VPN into your coporate network •  They port scan and find telnet listening on port 23 for a DNS entry called zOSProd •  And they just happen to know what z/OS is or they google zOSProd or zOS TELNET •  Start reading and enjoy!!! •  I dont believe in scaring people, but this could happen!
  38. 38. Being more specific •  Evaluate device usage scenarios and inves:gate leading prac:ces to mi:gate each risk scenario. •  Invest in a mobile device management (MDM) solu:on to enforce policies and monitor usage and access. •  Enforce industry standard security policies as a minimum •  Set a security baseline •  Differen:ate trusted and untrusted devise access •  Introduce more stringent authen:ca:on and access controls for cri:cal business apps. •  Add mobile device risk to the organisa:on’s awareness program.
  39. 39. References & Resources
  40. 40. References & Resources •  “Six things you should know about the Internet of Things”, TechRadar •  Gartner: hfp://www.gartner.com •  Ars Technica: hfp://arstechnica.com •  MIT Technology Review: hfps://www.technologyreview.com •  Alphr: hfp://www.alphr.com/ •  HP Community Enterprise: hfp://community.hpe.com/ •  CIO: hfp://www.cio.co.uk •  EE Times: hfp://www.ee:mes.com •  Computer Weekly: hfp://www.computerweekly.com •  CISCO: hfp://www.cisco.com •  Exact Trak: hfp://www.exacfrak.com •  Ponemon Ins:tute: hfp://www.ponemon.org
  41. 41. Ques:ons?
  42. 42. Rui Miguel Feio, RSM Partners ruif@rsmpartners.com mobile: +44 (0) 7570 911459 linkedin: www.linkedin.com/in/rfeio www.rsmpartners.com Contact

×