The Internet of Things (IoT) has exploded, with more embedded devices being added every month. From fitness bands and smart appliances to remote patient monitoring devices and industrial equipment, the technology has not just captured the fascination of consumers and businesses, but hackers as well.
IoT presents a new set of security risks that both IT professionals and device manufacturers need to address.
Here are 4 types of cyber-attacks you should be aware of:
1. Physical cyber-attacks
These attacks result from breaches to the IoT device’s sensors.
It’s estimated that approximately 70% of all cyber-attacks are initiated from the inside, whether purposeful or the result of human error.
With an IoT physical cyber-attack, the hacker most often accesses the system through close proximity, like inserting a USB drive.
Tampering can enable the intruder to take over the controls, extract data, and/or infuse the system with malicious code (similar to malware) that opens a door to the system without being noticed.
Hackers can also strike with a distributed denial of service (DDoS) that basically shuts down the system. Another physical cyber-attack hits the batteries in the devices and the system. While you think you have them set to sleep mode, the power is actually draining from the batteries.
2. Network cyber-attacks
These don’t require physical access to create a major disruption—like DDoS—in your network. These attackers infiltrate your network devices to see what’s flowing. They can insert themselves between you and your devices (known as “Man in the Middle” or “MitM”), creating fake identities, stealing information, and redirecting packets to their desired location, away from your network (also referred to as a “sinkhole” attack).
3. Software attacks
The third area that poses an IoT security risk is your software. Software attacks occur when malware is installed into your network’s program. This malicious software sends a virus, corrupts or steals data, and can both interrupt and spy on the activities. A software attack can launch a DDoS, too.
4. Encryption attacks
Finally, encryption attacks strike at the heart of your algorithmic system. Hackers analyze and deduce your encryption keys, to figure out how you create those algorithms. Once the encryption keys are unlocked, cyber-assailants can install their own algorithms and take control of your system.
Consequently, it is essential that IoT users maintain an awareness of these cyber risks and put preventative measures in place.
About the Author:
RAD DeRose is the President & CEO of L-Tron Corporation. He has over 30 years of experience in industrial automation and data collection technology solutions and brings a deep industry knowledge-base on the challenges faced in the commercial and public safety sectors. RAD can be reached at (800) 830-9523 x114; rad.derose@L-Tron.com.
Welcome back to the second installment in our series on IoT security risks. In part 1, we discussed the security vulnerabilities associated with embedded devices that are connected to the Internet of Things (IoT).
Today, we will explore the cyber risks that your organization may face and address some proactive steps that you can put into place.
With the expansion of technology into the Internet of Things, mobile access to your network, and an ever-growing list of users, devices, and apps sharing your enterprise network, your cyber risks will continue to increase.
Cyber-attacks can hit you in the form of a virus or worm injected into your enterprise or IoT network.
You can experience a data breach that compromises:
- sensitive information, like patient records
- intellectual property
- and customer data.
You can suffer the pain of insider attacks, either from sabotage or human error.
Do you have a cyber risk management plan to prevent or mitigate cyber attacks?
Hackers invest all of their time in finding ways to get the information and results they want. You need to be equally vigilant in blocking them.
Cyber risk management addresses every area that could be vulnerable to an attack. The plan focuses on identifying those risks, preventing the attack, and reacting efficiently and effectively when a hit happens.
Step One: Prioritize your risk areas.
Start preparing your cyber risk management plan by uncovering your risk areas. Examine your network: what you store, where you keep it (e.g., cloud, data center), who accesses it (employees, supply chain), and how (mobile, authentication). Where would you be hit hardest as the result of a cyber attack? What would be the cost of having your data compromised, e.g., by malware, a breach, or a distributed denial of service (DDoS)? We’ve learned from experience that a breach of customer data can cause long-term effects, resulting from the negative impact on your brand and the cost of losing customers.
Step Two: Evaluate your technology.
Mobile technology, the Internet of Things, BYOD, and the cloud each present their own sets of risks. Aging devices and outdated software and operating systems pose a security risk because the support in terms of security patches may no longer be offered. Assess the technology and the security protocols in place so you can determine where you need to make changes to minimize cyber risk.
Step Three: Assess your processes.
You should have “acceptable use” policies for anyone accessing your network, in any way. These policies clearly dictate the guidelines for using any enterprise technology—devices and apps—and what is permitted on your network. Your password policy should be included. Data back-up and recovery processes should be reviewed and adjusted as well.
How are third parties allowed to enter your network? How do you enable guests, customers, and vendors, while also restricting their access? The answers to these questions might uncover more concerns that should be addressed in your cyber risk management plan.
Step Four: Build on what you’ve learned.
Now that you have a detailed assessment of your current cyber risk situation (threats and vulnerabilities), build a plan that answers the question, “What if…?” Create a strategy that will close the gaps you’ve uncovered and provide direction on preventing and managing a cyber-attack. How will you handle the critical communication? Who will be in charge of securing the network? Define the people involved in cyber risk management and their roles. Provide the process for incident reporting and for securing physical as well as virtual property.
Once you have your cyber risk management plan in place, educate your employees as to their role in reducing risk.
Train them in the steps to avoid security breaches, such as password management, file sharing, and downloading.
Teach them to be aware of and to report suspicious activity.
Emergency preparedness is critical to minimizing the risk of cyber-attacks as well as the outcome of those incidents.
About the Author:
Gayle DeRose is proud to be the COO and Marketing Director for L-Tron. Her passions are serving customers, all things creative and her family. She has been with the company for over 20 years, continuously developing her expertise in operations & marketing, as well as the strategy, implementation and ongoing training required to deliver the exceptional service standard L-Tron models today. Want to get in touch with her? Call 800-830-9523 x118 or email Gayle.DeRose@L-Tron.com.
Last month, I had the opportunity to travel with OSCR360 to Gettysburg, PA for the 2017 Pennsylvania State Police (PSP) Reconstruction Seminar.
The PSP Reconstruction Seminar attracted over 350 attendees and was free to active Law Enforcement reconstructionists.
I had a great time at the conference with my co-workers Alex and Chuck, a retired sergeant and our resident crash reconstructionist. L-Tron was proud to sponsor the 10am coffee break on Thursday morning and we enjoyed meeting many of the PSP Officers, along with Law Enforcement Officials who traveled from all over the U.S. to attend a conference built specifically around Crash Reconstruction. The evening networking events were a lot of fun, too. (Karaoke night and a dinner banquet!)
I think I was most excited to watch the crash demos, which included two head-to-head collisions. One of these collisions included a Smart Car versus a Ford Explorer. I was astounded by the amount of damage inflicted on the smaller vehicle. Chuck was able to use OSCR to take 360 degree shots of both crashes, and to organize DSLR still photos of the scene(s) within the OSCR software. By organizing this crash data and photo evidence, Chuck provided a more accurate and comprehensive presentation of both crashes.
At the Scene
Chuck photographed both crash scenes with OSCR360. Because of the nature of the crashes and the number of people eager to study the scenes, Chuck needed to be able to move through the area quickly and efficiently. It was amazing to see how he was able to set up OSCR himself and capture all of his 360 degree photos within 15 minutes. OSCR captured 360 degree images from the zone of impact, as well as images that showed triangulation and striations in the road that were left behind by all four vehicles. By utilizing all of the information gathered by OSCR and our DSLR photos, Chuck likely could extrapolate the speed the cars were moving prior to impact. Although not a measuring device, OSCR complements measuring devices like the LEICA system and total stations. OSCR is invaluable in walking through information and evidence at the crash scene; witnesses and jury members are able to see exactly what the Crash Reconstructionist sees.
Why attend the PSP Reconstruction Conference or take the A.C.T.A.R. Exam?
The PSP Reconstruction Seminar allows traffic reconstructionists to network and to share new ideas and technologies within their field. The conference is meant to explore interesting investigations, new training, and fields of study. Topics at this year’s conference included:
- Heavy vehicle inspections
- Autonomous vehicles
- Results from the WREX 2016 Human Factors Studies
- Drugged driving
There was an Accreditation Commission for Traffic Accident Reconstruction (A.C.T.A.R.) training prior to the conference that conference attendees were welcome to complete. The written exam followed the day after the conference ended. A.C.T.A.R. accredited reconstructionists benefit from:
- Continued professional development and growth
- Confidence in their reconstruction abilities
- Inclusion in the A.C.T.A.R. directory
- Inclusion in an electronic database
- Compliance with the A.C.T.A.R. code of conduct
- Standards set by 24 professional reconstruction organizations
- The only broad-based, objective and meaningful standards available by the legal and scientific community
OSCR360 is not just a crime and crash scene camera. OSCR360 allows you to capture collision and crime scenes in full 360 degrees, as they were seen by the investigator. Quickly and easily take 360 crash photos inside a vehicle, at the scene or use the 25 foot mega-mast for aerial photos. No training is required (unlike drones and laser scanners).
Next, use the OSCR360 software to attach multi-media evidence files including: DSLR photos, video surveillance footage, 911 recordings, dispatch records, witness testimony, hospital records, overlay crash sketches and more. Didn’t get a 360 photo, but need to add an evidence file down the street or around the corner from your crash? No problem – just add a direct point of interest. Add in the data you need to close the case. The OSCR software is simple and easy to use.
OSCR allows you to capture, preserve and present a more comprehensive and accurate representation of a crash scene and the environment it occurred in.
OSCR360 was built from the voice of Law Enforcement Officers, Reconstructionists and Prosecuting Attorneys. The OSCR360 equipment is economical and priced to fit the budget of any municipality.
About the Author:
Julianne Pangal is a proud “Edu-Techie” at the L-Tron Corporation. Along with assisting the marketing team and creating content, you might catch Julianne at any of our Law Enforcement conferences or tradeshows. She loves connecting with customers and meeting new people. When she’s not working or traveling for L-Tron, Julianne enjoys riding horses, running and finding balance in the yoga studio. She also loves to give back to the local Rochester community. Email Julianne.Pangal@L-Tron.com with any questions!