Managing the Risks of the Future Internet of Things
My slides from the 2019 IEEE Vision Innovation Challenges Summit
22 Red Flags Someone Is Spying on Your Phone
You receive a text message or an email notification from your mobile carrier about an account change you didn’t make and, thirty minutes later, your cell phone has no signal, even after a reboot. You can’t log into your email. You’re locked out of your bank account.
CrowdStrike tackles BIOS attacks with new Falcon features
In the past few years, security researchers and advanced persistent threat actors have demonstrated attacks on the BIOS, said Kayne McGladrey, IEEE member and director of security and IT at Seattle-based Pensar Development.
These rare attacks can provide a persistent and hidden bridgehead into an enterprise network, McGladrey said.
5G and What it Means for Cybersecurity
“Consumers should use the ‘guest’ network of their home Wi-Fi routers as a dedicated network for IoT devices, so if one of those devices were compromised, the threat actor can’t easily pivot to more valuable data.” That’s the case for newer devices, he says. “For older, cheap, IP-based security cameras and digital video recorders (DVRs), the easiest way to secure them is to recycle them responsibly as there often are no security updates available.” The ability to update devices over their lifetime is essential to security, and should factor into buying decisions, he says.
Why security-IT alignment still fails
An organization that doesn’t understand or appreciate security won’t be able to adequately identify and prioritize risk, nor articulate its tolerance for those risks based on business goals and objectives, says Kayne McGladrey, director of security and IT for Pensar Development and a member of the professional association IEEE (The Institute of Electrical and Electronics Engineers).
“The CIO won’t see the business impact if there’s not a culture of risk mitigation,” McGladrey says. “A culture where security is seen as someone else’s problem will derail any conversation around security, so the biggest thing for CISOs is to make the conversation with CIOs around risk – not around technologies or shiny objects but around risks to the business.”
DHS-led agency works to visualize, share cyber-risk information
Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.
“They could actually see a reduction in those threats that are commodity threats — threats that are crimes of opportunity [vs. targeted attacks],” he said.
Insider Threats: A Big Fear for Small Businesses
This goes hand in hand with the increasing number of vendors, solutions and buzzword technologies. There’s a fear that an SMB will buy the solution that solves a problem defined by a venture capitalist and not address a genuine threat to their business.
7 hot cybersecurity trends (and 4 going cold)
While we hope these points have brought into focus some of the evolving challenges in IT security, we also want to point out that certain best practices will continue to underpin how smart security pros approach problems, no matter what the flavor of the month is. “Enterprises are going back to the basics: patching, inventory management, password policies compliant with recent NIST directives,” says Kayne McGladrey, IEEE Member and Director of Security and Information Technology at Pensar Development. “Enterprises are recognizing that it’s impossible to defend what can’t be seen and that the easiest wins are to keep systems up to date and to protect against credential stuffing attacks.”
6 Strategies for Transitioning to a Digital World
“Identify those elements of your business that are core competitive differentiators,” says Kayne McGladrey, Director of Security and Information Technology. “Focus on improving those. If accounting, cybersecurity, legal affairs, or marketing is not core to your organizational identity, then plan to migrate away from your legacy systems and processes in those areas. Organizations can then focus their limited time and resources on improving what they do well, and what customers value most about those organizations.”
6 Questions to Ask While Buying a Connected Car
“People need to ask the car companies where they stand on security,” says Kayne McGladrey, director of security and IT at Pensar Development and an IEEE member, who cites companies such as Apple and Google, which have made strong public statements on these matters.
When asked if the car companies have followed suit, McGladrey says, “Not really.”
Securing IoT: Whose responsibility is it?
Enterprises and consumers alike are rewarding vendors that produce low-cost, insecure devices, such as $20 IP-based security cameras. It’d be easier for everyone if those consumers instead sent $20 to threat actors who will inevitably compromise those devices, as this would only be a $20 problem.
However, when threat actors conscript thousands of insecure IP-based security cameras into a botnet that can knock major brands off the internet — such as what happened with the Mirai botnet attacks in the fall of 2016, it potentially becomes a multimillion-dollar problem that affects major markets and international relations.
How AI cybersecurity thwarts attacks — and how hackers fight back
“If the end user logs on from Seattle, where their mobile phone and laptop is, a connection from New York would be unusual,” McGladrey explained. “It is also possible to note the typing style and speed of a user and use that biometric signature to determine if the user is legitimate. These data [points] make it more difficult for a threat actor to operate silently in the environment.”