The Internet of Things (IoT) has exploded, with more embedded devices being added every month. From fitness bands and smart appliances to remote patient monitoring devices and industrial equipment, the technology has captured the fascination not just of consumers and businesses, but of hackers as well.
IoT presents a new set of security risks that both IT professionals and device manufacturers need to address.
Here are 4 Types of Cyber attacks you should be aware of:
1. Physical cyber-attacks
These attacks result from breaches to the IoT device’s sensors.
It’s estimated that approximately 70% of all cyber-attacks are initiated from the inside, whether purposeful or the result of human error.
With an IoT physical cyber-attack, the hacker most often accesses the system through close proximity, like inserting a USB drive.
Tampering can enable the intruder to take over the controls, extract data, and/or infuse the system with malicious code (similar to malware) that opens a door to the system without being noticed.
Hackers can also strike with a distributed denial of service (DDoS) that basically shuts down the system. Another physical cyber-attack hits the batteries in the devices and the system. While you think you have them set to sleep mode, the power is actually draining from the batteries.
2. Network cyber-attacks
These don’t require physical access to create a major disruption—like DDoS—in your network. These attackers infiltrate your network devices to see what’s flowing. They can insert themselves between you and your devices (known as “Man in the Middle” or “MitM”), creating fake identities, stealing information, and redirecting packets to their desired location, away from your network (also referred to as a “sinkhole” attack).
3. Software attacks
The third area that poses an IoT security risk is your software. Software attacks occur when malware is installed into programs on your network. This malicious software can spread a virus, corrupt or steal data, and both interrupt and spy on your activities. A software attack can launch a DDoS, too.
4. Encryption attacks
Finally, encryption attacks strike at the heart of your algorithmic system. Hackers analyze and deduce your encryption keys, to figure out how you create those algorithms. Once the encryption keys are unlocked, cyber-assailants can install their own algorithms and take control of your system.
Consequently, it is essential that IoT users maintain an awareness of these cyber risks and put preventative measures in place.
About the Author:
RAD DeRose is the President & CEO of L-Tron Corporation. He has over 30 years of experience in industrial automation and data collection technology solutions and brings a deep industry knowledge base on the challenges faced in the commercial and public safety sectors. RAD can be reached at (800) 830-9523 x114; rad.derose@L-Tron.com.
Welcome back to the second installment in our series on IoT security risks. In part 1, we discussed the security vulnerabilities associated with embedded devices that are connected to the Internet of Things (IoT).
Today, we will explore the cyber risks that your organization may face and address some proactive steps that you can put into place.
With the expansion of technology into the Internet of Things, mobile access to your network, and an ever-growing list of users, devices, and apps sharing your enterprise network, your cyber risks will continue to increase.
Cyber-attacks can hit you in the form of a virus or worm injected into your enterprise or IoT network.
You can experience a data breach that compromises:
- sensitive information, like patient records
- intellectual property
- and customer data.
You can suffer the pain of insider attacks, either from sabotage or human error.
Do you have a cyber risk management plan to prevent or mitigate cyber attacks?
Hackers invest all of their time in finding ways to get the information and results they want. You need to be equally vigilant in blocking them.
Cyber risk management addresses every area that could be vulnerable to an attack. The plan focuses on identifying those risks, preventing the attack, and reacting efficiently and effectively when a hit happens.
Step One: Prioritize your risk areas.
Start preparing your cyber risk management plan by uncovering your risk areas. Examine your network: what you store, where you keep it (e.g., cloud, data center), who accesses it (employees, supply chain), and how (mobile, authentication). Where would you be hit hardest as the result of a cyber attack? What would be the cost of having your data compromised, e.g., by malware, a breach, or a distributed denial of service (DDoS)? We’ve learned from experience that a breach of customer data can cause long-term effects, resulting from the negative impact on your brand and the cost of losing customers.
Step Two: Evaluate your technology.
Mobile technology, the Internet of Things, BYOD, and the cloud each present their own sets of risks. Aging devices and outdated software and operating systems pose a security risk because the support in terms of security patches may no longer be offered. Assess the technology and the security protocols in place so you can determine where you need to make changes to minimize cyber risk.
Step Three: Assess your processes.
You should have “acceptable use” policies for anyone accessing your network, in any way. These policies clearly dictate the guidelines for using any enterprise technology—devices and apps—and what is permitted on your network. Your password policy should be included. Data back-up and recovery processes should be reviewed and adjusted as well.
How are third parties allowed to enter your network? How do you enable guests, customers, and vendors, while also restricting their access? The answers to these questions might uncover more concerns that should be addressed in your cyber risk management plan.
Step Four: Build on what you’ve learned.
Now that you have a detailed assessment of your current cyber risk situation (threats and vulnerabilities), build a plan that answers the question, “What if…?” Create a strategy that will close the gaps you’ve uncovered and provide direction on preventing and managing a cyber-attack. How will you handle the critical communication? Who will be in charge of securing the network? Define the people involved in cyber risk management and their roles. Provide the process for incident reporting, securing the physical as well as virtual property.
Once you have your cyber risk management in place, educate your employees as to their role in reducing risk.
Train them in the steps to avoid security breaches, such as password management, file sharing, and downloading.
Teach them to be aware of and to report suspicious activity.
Emergency preparedness is critical to minimizing the risk of cyber-attacks as well as the outcome of those incidents.
About the Author:
Gayle DeRose is proud to be the COO and Marketing Director for L-Tron. Her passions are serving customers, all things creative and her family. She has been with the company for over 20 years, continuously developing her expertise in operations & marketing, as well as the strategy, implementation and ongoing training required to deliver the exceptional service standard L-Tron models today. Want to get in touch with her? Call 800-830-9523 x118 or email Gayle.DeRose@L-Tron.com.
It was an everyday morning. Almost.
The only thing out of the ordinary was I had to put my uniform on early, well before my tour, and get to court. The rare subpoena for Family Court was the source of my irritation at everything and everyone between me and there. Of course, me – an irritated cop? Again, everyday.
I left my house extra early to get to headquarters, meet up with everyone’s favorite, Greece Police Sergeant Joe Antinora, grab a patrol car and beat morning rush hour into downtown Rochester. On the drive we recalled the details of the family trouble we’d been called to testify about. It was a custody issue with people screaming at each other out in the street.
The only victims in the whole thing were the kids who had to watch mom and dad acting like children. Oh yeah, and the cops who were forced in the middle of it, I thought sourly. It was bound to continue in court.
We scored a convenient parking spot in the garage under the Hall of Justice and managed to find a much-needed cup of coffee and breakfast at the Hall of Justice cafeteria. Nothing like food and good conversation to erase the irritation. Sgt. Antinora never seemed to get irritated.
My cellphone rang. It was my youngest sister whose husband was a cop. I answered. “Get to a TV,” she instructed. “A plane just hit the World Trade Center in New York City.” It was the first of many “holy shit” moments to follow. Nine days earlier, my wife and I had sailed past those towers on our way home from our honeymoon.
I told Sgt. Antinora the news and asked someone where we could find a television. There was one in the waiting room at the District Attorney’s Office. We found our way there and joined several people already watching live coverage of the unfolding disaster. In growing shock, we saw the south tower get hit. Joe and I looked at each other and knew.
No accident. Something is happening.
We stared at the television and listened to the hushed tones of conversation in the now packed waiting room. Shock and realization slowed time. Word came the Pentagon had been hit. Just shy of an hour after impact, we watched the south tower collapse.
Joe and I agreed. It was time to go. Something’s wrong.
The scramble to go down a mere three levels to the underground garage took forever. By the time we hit the ground floor of the Hall of Justice, the word had spread they were evacuating the building. It seemed to take even longer to get out of the garage in light of what we’d just seen.
While we were waiting in line to get out, a plane crashed in Shanksville, PA. Parking attendants weren’t collecting fees. They’d opened the gates and everyone was getting out.
When we got back to headquarters we checked in and were told to go out on the street. We’d be working until otherwise advised. I called my teacher wife. She and our daughter happened to be in the same school building. The conversation was short. Get home. Don’t know what’s going on. Check in later.
Patrol that day included frequent stops at firehalls to grab glimpses of the frantic efforts on the ground in New York City. It was a day for AM radio in the car, listening to developments at the Pentagon and the plane crash in Shanksville, PA.
It was no longer everyday.
Some can’t handle the unusual. Late that afternoon, on a tiny side street near the Greece border with Rochester, the call came in for a Regional Transit Bus with a man on it claiming he had a bomb. By the time patrols got there, the driver had managed to get everyone off the bus and only the male and his satchel remained.
In fluid fashion we scrambled to contain whatever was going on. I was assigned a post with a rifle covering the front door of the bus. Someone made shouted contact with the man on the bus. He was cooperative, but making no sense. He came off the bus carefully, as instructed. He was taken into custody and given a ride to the hospital. His satchel contained only one significant item and it wasn’t a bomb.
It was a Bible.
As vivid as 9-11 was the day after. Our police department sent two officers to New York City to help, only to be turned away because of the flood of assistance already at its borders. Our community was unusually quiet. Silent. Everyone behaved. It was as if we were struggling to breathe after a punch to the stomach; so many lives lost, the idea someone had the audacity to attack our country.
Every 9-11 since, the day begins, for me at least, with an air of sadness tinged with anger. For a few years afterward, I had my own personal practice to watch the documentary “9/11.” It took little to reignite the fury I shared with many Americans. But life, as it should, somehow gets in the way and the movie now has a revered spot in a drawer to help me remember again, another day.
This year I mark 9-11 by instructing recruits at the Rural Police Training Academy at Genesee Community College in Batavia. I’m not sure yet how we will note 9-11 … it’s a class of trainees, most of whom were likely in elementary or middle school back in 2001.
The one thing I KNOW is 9-11 changed law enforcement for the better. Out of tragedy, change.
Before becoming a cop, I spent several years as a journalist reporting on the police. I never understood the parochialism and territorialism which existed between agencies. After 26 years a cop, I still don’t understand it, and at best, can only chalk it up to politics. Being human.
But post 9-11, I watched new national standards elevate interagency coordination at an operational level. The unspoken change, which we sorely needed, happened – and that was improved, genuine cooperation between cops, no matter what agency they were from. I saw it, I experienced it, and I hope it continues.
What bothers me most outside the loss of life on 9-11, and of those who since sacrificed themselves for our security, is we have already forgotten what we were attacked by – religious and social extremism. I prefer the light-hearted punned quip of the cartoon character Pogo: “We have met the enemy and he is us.”
In this time of social and political extremism within our own borders, as we continually fight among ourselves, we need to reflect, and more importantly, step back. We need to allow opportunity for cool heads and warm hearts to prevail – like they did on 9-11 – a day on which we came together as one.
Then, and only then, can we return to the everyday.
Hank Kula is a retired police sergeant with 26 years in law enforcement. A certified crime scene investigator, crash reconstructionist, and former journalist, Hank works as a police instructor with recruits, veteran officers, and supervisors. His instructional specialties are in crime scene management and investigation, photography, communications and public information.