"Restricting, Authenticating, Tracking User Access? Time Is Not On Our Side!"
1 - IoT Medical Device Threats: http://resources.infosecinstitute.com/hcking-implantable-medical-devices/
2 - IoT Car Threats: http://www.welivesecurity.com/2015/02/10/senator-car-hacking/ and http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
3 - Cyber Attack on a Steel Mill in Germany: https://securityintelligence.com/german-steel-mill-meltdown-rising-stakes-in-the-internet-of-things/
4 - 2014 HP Fortify Internet of Things Research Report: http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pd
12100 Sunrise Valley Dr. Suite 290-1 Reston, VA 20191
The Internet of Things (IoT) is pretty scary. We’re not talking identity theft or criminals making money from hacking kind of scary - we’re talking about life-threatening scary.

IoT devices are everywhere, quietly performing critical functions in the medical, engineering, and industrial fields (to name a few). For example, insulin pumps dispense life-saving insulin for people suffering from diabetes. However, if a criminal breaches one of these devices, it is possible to trigger the pump to dispense a major dose of insulin, killing the patient(1). Or, criminals could gain access to your car’s IoT and take control(2) of it while you drive!

A major IoT attack occurred in a German steel mill(3) just last year. According to reports, the criminals began with social engineering and spear-phishing tactics, leading to the compromise of industrial control components, which prevented the blast furnace from shutting down normally. It is suspected that the attack was conducted by insiders who knew the mill’s systems quite well, and it caused major damage to the mill’s systems. Fortunately, no one was hurt, but the incident could easily have cost lives.

IoT is here to stay, and in most cases, such technologies are going to change the way we do business - and our personal lives - for the better. However, the majority of IoT devices evaluated in a recent HP Fortify research study displayed vulnerabilities(4) which could be exploited by cybercriminals. The IoT is the new battlefront between security professionals and cybercriminals, because of the wealth of easy targets the IoT provides.

This means that security professionals need to be very diligent in protecting their organization’s IoT devices, and personal devices that can connect to the organization from employees’ homes, cars, etc. Controls need to be in place to prevent, detect and respond to threats that could compromise the confidentiality, integrity and availability of IoT devices and applications.
Internet of Things (IoT): We are vulnerable and it’s scary! Let’s make the IoT safe!

“The IoT is the new battlefront....”
COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS
To ensure that your company’s leadership can be confident and comfortable in your IoT security, you need effective cyber resilience and risk management programs in place. These programs should include the following:

• Ensure that your cyber security policies, standards, and procedures include requirements for IoT devices within your organization
• Include the NIST Framework for Cyber-Physical Systems (IoT)(5) in your documentation
• During the release management process (prior to production rollout of IoT devices) include an IoT threat modeling(6) exercise process
• Maintain an up-to-date inventory of IoT devices within your organization, and include this data in each IoT asset record:
    o Business purpose
    o Physical locations
    o Firmware number
    o Interface types
    o Links to threat modeling reports, and
    o The latest vulnerability/penetration testing reports
• Conduct penetration testing and vulnerability assessments throughout the lifecycle of your IoT devices, especially during configuration and change management processes
• Ensure that these technical mechanisms are implemented where possible:
    o Firewalls/ACLs
    o Encryption for both at-rest and in-transit data
    o Access controls
    o Secure and regular firmware update processes
    o Automated logging and alert mechanisms
• Conduct regular information security awareness training and ensure that IoT is included in the training exercises
• Conduct regular social engineering exercises that target IoT attack scenarios, to help ensure that your IoT training is effective
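As an added example (not code from the whitepaper or from VIMRO), the asset record described above modelled in Python, with review checks that flag a record that is incomplete or whose latest penetration test predates a firmware change, which is the change-management case the list singles out. The firmware_updated field, the finding codes and the 365-day review interval are assumptions, and all device data is constructed.

```python
"""Added example, not code from the VIMRO whitepaper: an IoT asset record with
the inventory fields the whitepaper lists, plus review checks that flag records
that are incomplete or whose latest penetration test predates a firmware
change. Device data, dates and the review interval are constructed samples."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Finding codes returned by review_asset().
NO_THREAT_MODEL = "NO_THREAT_MODEL"                      # no link to a threat modeling report
NO_PENTEST = "NO_PENTEST"                                # no vulnerability/penetration test report
PENTEST_PREDATES_FIRMWARE = "PENTEST_PREDATES_FIRMWARE"  # firmware changed after the last test
PENTEST_STALE = "PENTEST_STALE"                          # last test older than the review interval
NO_INTERFACES = "NO_INTERFACES"                          # interface types not recorded

# Assumed review interval: the whitepaper asks for testing "throughout the
# lifecycle" but gives no number, so this value is a constructed policy choice.
MAX_PENTEST_AGE = timedelta(days=365)


@dataclass
class IoTAsset:
    """One inventory record, carrying the fields the whitepaper asks for."""
    asset_id: str
    business_purpose: str
    physical_location: str
    firmware_version: str
    firmware_updated: date              # assumed field: date the firmware number last changed
    interface_types: List[str]
    threat_model_report: Optional[str]  # link to the threat modeling report, if any
    pentest_report: Optional[str]       # link to the latest pentest report, if any
    pentest_date: Optional[date]


def review_asset(asset: IoTAsset, today: date) -> List[str]:
    """Return the findings for one record; an empty list means it passes."""
    findings = []
    if not asset.threat_model_report:
        findings.append(NO_THREAT_MODEL)
    if not asset.interface_types:
        findings.append(NO_INTERFACES)
    if asset.pentest_report is None or asset.pentest_date is None:
        findings.append(NO_PENTEST)
        return findings
    # A firmware change is a change-management event: a test that predates the
    # currently deployed firmware no longer covers the device as it runs today.
    if asset.pentest_date < asset.firmware_updated:
        findings.append(PENTEST_PREDATES_FIRMWARE)
    if today - asset.pentest_date > MAX_PENTEST_AGE:
        findings.append(PENTEST_STALE)
    return findings


def review_inventory(assets: List[IoTAsset], today: date) -> Dict[str, List[str]]:
    """Map asset_id -> findings for every record that has at least one finding."""
    report = {}
    for asset in assets:
        findings = review_asset(asset, today)
        if findings:
            report[asset.asset_id] = findings
    return report


# Constructed sample inventory (no real devices, sites or reports).
REVIEW_DATE = date(2015, 9, 1)
SAMPLE_ASSETS = [
    IoTAsset("hvac-01", "Building climate control", "Reston office, plant room",
             "3.2.1", date(2015, 3, 1), ["Ethernet", "BACnet/IP"],
             "tm/hvac-01.pdf", "pt/hvac-01-2015-04.pdf", date(2015, 4, 15)),
    IoTAsset("pump-02", "Infusion pump", "Clinic, ward B",
             "1.9.0", date(2015, 8, 10), ["Wi-Fi", "USB"],
             "tm/pump-02.pdf", "pt/pump-02-2015-05.pdf", date(2015, 5, 20)),
    IoTAsset("gw-03", "Sensor gateway", "Warehouse roof",
             "0.4", date(2015, 1, 5), ["Zigbee", "LTE"],
             None, None, None),
    IoTAsset("cam-04", "Loading-dock camera", "Warehouse dock 2",
             "2.0", date(2014, 5, 1), ["Ethernet"],
             "tm/cam-04.pdf", "pt/cam-04-2014-06.pdf", date(2014, 6, 1)),
]

if __name__ == "__main__":
    for asset_id, findings in review_inventory(SAMPLE_ASSETS, REVIEW_DATE).items():
        print(asset_id, ", ".join(findings))
```

Only pump-02 (firmware changed after its last test), gw-03 (no threat model, no test) and cam-04 (test older than the interval) are reported; hvac-01 passes.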
Internet of Things (IoT): A Different Kind of Scary
(800) 272 0019
Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL

“Conduct penetration testing.... DURING configuration and change management.”
5 - NIST Framework for Cyber-Physical Systems: http://www.hldataprotection.com/files/2015/03/NIST-Cyber-phyical-Framework-PRELIMINARY-DISCUSSION-DRAFT.pdf
6 - Object Management Group (OMG) Threat Modeling: http://www.omg.org/hot-topics/threat-modeling.htm
One more item is critical to your overall IoT threat management: make sure that every phase of your IoT threat modeling process includes threats and countermeasures from attacks by an insider. Insiders pose a much greater risk than an outsider – they have in-depth knowledge of your systems and processes, and unparalleled access and opportunities to compromise your IoT.

Take your IoT security into your own hands, and contact VIMRO now to learn how we can help you implement and maintain controls to secure your IoT devices, and design, implement and/or manage your on-going IoT risk management program.
“Insiders pose a much greater risk than an outsider.”
Authored by VIMRO’s Cybersecurity Leaders
Internet of Things - A Different Kind of Scary v2

1. Internet of Things (IoT): We are vulnerable and it’s scary! Let’s make the IoT safe!

Restricting, Authenticating, Tracking User Access? Time Is Not On Our Side!

The Internet of Things (IoT) is pretty scary. We’re not talking identity theft or criminals making money from hacking kind of scary - we’re talking about life-threatening scary.

IoT devices are everywhere, quietly performing critical functions in the medical, engineering, and industrial fields (to name a few). For example, insulin pumps dispense life-saving insulin for people suffering from diabetes. However, if a criminal breaches one of these devices, it is possible to trigger the pump to dispense a major dose of insulin, killing the patient(1). Or, criminals could gain access to your car’s IoT and take control(2) of it while you drive!

A major IoT attack occurred in a German steel mill(3) just last year. According to reports, the criminals began with social engineering and spear-phishing tactics, leading to the compromise of industrial control components, which prevented the industrial blast furnace from shutting down normally. It is suspected that the attack was conducted by insiders who knew the mill’s systems quite well, and it caused major damage to the mill’s systems. Fortunately, no one was hurt, but the incident could easily have cost lives.

IoT is here to stay, and in most cases, such technologies are going to change the way we do business - and our personal lives - for the better. However, the majority of IoT devices evaluated in a recent HP Fortify research study displayed vulnerabilities(4) which could be exploited by cybercriminals. The IoT is the new battlefront between security professionals and cybercriminals, because of the wealth of easy targets the IoT provides. This means that security professionals need to be very diligent in protecting their organization’s IoT devices, and the personal devices that can connect to the organization from employees’ homes, cars, etc. Controls need to be in place to prevent, detect and respond to threats that could compromise the confidentiality, integrity and availability of IoT devices and applications.

1- IoT Medical Device Threats: http://resources.infosecinstitute.com/hcking-implantable-medical-devices/
2- IoT Car Threats: http://www.welivesecurity.com/2015/02/10/senator-car-hacking/ and http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
3- Cyber Attack on a Steel Mill in Germany: https://securityintelligence.com/german-steel-mill-meltdown-rising-stakes-in-the-internet-of-things/
4- 2014 HP Fortify Internet of Things Research Report: http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pd
2. COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS

To ensure that your company’s leadership can be confident and comfortable in your IoT security, you need effective cyber resilience and risk management programs in place. These programs should include the following:

• Ensure that your cyber security policies, standards, and procedures include requirements for IoT devices within your organization
• Include the NIST Framework for Cyber-Physical Systems (IoT)(5) in your documentation
• During the release management process (prior to production rollout of IoT devices), include an IoT threat modeling(6) exercise
• Maintain an up-to-date inventory of IoT devices within your organization, and include this data in each IoT asset record:
  o Business purpose
  o Physical locations
  o Firmware version
  o Interface types
  o Links to threat modeling reports, and
  o The latest vulnerability/penetration testing reports
• Conduct penetration testing and vulnerability assessments throughout the lifecycle of your IoT devices, especially during configuration and change management processes
• Ensure that these technical mechanisms are implemented where possible:
  o Firewalls/ACLs
  o Encryption for both at-rest and in-transit data
  o Access controls
  o Secure and regular firmware update processes
  o Automated logging and alert mechanisms
• Conduct regular information security awareness training and ensure that IoT is included in the training exercises
• Conduct regular social engineering exercises that target IoT attack scenarios, to help ensure that your IoT training is effective
5- NIST Framework for Cyber-Physical Systems: http://www.hldataprotection.com/files/2015/03/NIST-Cyber-phyical-Framework-PRELIMINARY-DISCUSSION-DRAFT.pdf
6- Object Management Group (OMG) Threat Modeling: http://www.omg.org/hot-topics/threat-modeling.htm
3. One more item is critical to your overall IoT threat management: make sure that every phase of your IoT threat modeling process includes threats and countermeasures for attacks by an insider. Insiders pose a much greater risk than outsiders – they have in-depth knowledge of your systems and processes, and unparalleled access and opportunities to compromise your IoT.

Take your IoT security into your own hands, and contact VIMRO now to learn how we can help you implement and maintain controls to secure your IoT devices, and design, implement and/or manage your ongoing IoT risk management program.

Authored by VIMRO’s Cybersecurity Leaders