Too Many Smart Devices Have Dumbed-Down Security Protocols
In October, 2016 the Mirai malware made headlines for doing just that. Utilized in the attack on Dyn, a company that hosts, manages, and maintains a substantial part of the Internet’s infrastructure, Mirai operates by attacking Internet of Things devices, gradually forming a botnet of zombified smartwatches, printers, and other Internet-connected “smart” devices to fuel a Distributed Denial of Service attack. These attacks essentially function by assaulting their target with so much traffic that the target shuts down. This brought down dozens of sites including Twitter, Netflix, Reddit, CNN, and many more in one of the largest-scale cyber attacks to date.
These DDoS attacks were once primarily powered by the familiar desktop computer, but with the boom in popularity of IoT devices, these devices are becoming a much more popular vehicle for the attacks.
This rise in popularity is due to a few factors. Firstly, the use IoT devices has been spreading both in popularity and in implementation, as was mentioned above. Therefore, zombifying them to be a part of a botnet boils down to basic tactics–there’s strength in numbers, so it makes more sense to utilize as many devices as possible. So, if there are seven IoT devices in a household that share one laptop, a botnet that utilizes on of the IoT devices will have six more devices at its disposal than it would have otherwise.
Secondly, there’s the matter of the security built into the devices themselves. How much thought would you think a manufacturer would put into the cyber security of a refrigerator? However, with refrigerators that now have “smart” features through Wi-Fi connectivity, cyber security is something that needs to be considered, and too often isn’t.
As an example that’s tinged with just a bit of irony, a security researcher decided to put the security of a particular IoT device to the test by monitoring a newly-purchased security camera. It took less than two minutes (closer to a minute and a half) for Mirai to infect the camera, despite the researcher’s precautions.
Unfortunately, there’s little that a user can do to protect their IoT device from infection. However, the industry is gradually catching on and taking steps toward protecting these devices from external threats, so hopefully the trend of IoT botnets will be relatively short-lived.
How many IoT devices do you own; and, what precautions do you take to keep them from being a hindrance to your network security? Share your story with us in the comments.
Is Your Company’s Data Encrypted? It Should Be
Encryption is a solid way of keeping hackers from using data that they’ve stolen from you to their benefit. While other security solutions like firewalls and spam blockers try to limit the number of threats that make their way onto your network, encryption focuses on being a last-ditch effort to save your data from being used against you. Encryption jumbles your data, making it difficult–if not impossible–for hackers to use. Therefore, encryption works best when combined with other security measures.
Here are three of the ways in which encryption benefits any business prioritizing data security.
Encryption Maximizes Security
Encryption is a priority for a business that wants to keep security at the max. Taking risks is simply unacceptable, and encryption has a chance to make any attempts made by a hacker a moot point. Data encryption works by scrambling your data, only unlocking it when it’s exposed to a specific security key. Hackers prefer going after data that’s easy to access, so encrypted data is sure to be an asset for your organization.
Encryption Augments Compliance
While encryption isn’t officially required by compliance laws like HIPAA, it certainly protects your interests by having it. Compliance laws generally only need your organization to implement preventative solutions like firewalls and antiviruses, but encryption is still of the utmost importance. Encryption is mainly useful for making sure that any breaches don’t result in compromised data, as hackers likely won’t be able to decrypt your data anyway.
Encryption is, More or Less, Expected
It’s understandable that you want encryption for your own data, but if you are a service-type business that provides products to clients, they are going to expect that you’ll take good care of their data, as well. For example, if you use a service like PayPal or Amazon, you expect them to use encryption to keep your payment information safe and secure. You can safely assume that your own clients will want to believe their data is safe in your hands. If their information is stolen and it’s your fault, they won’t take kindly to it, and you will lose points with them in the long run.
If you want to use encryption for your business (and you should), COMPANYNAME can help. To get started, give us a call at PHONENUMBER.
We Dig Into the Hacker’s Playbook for Some Solid Security Lessons
Keep in mind what these hacking tales are created to do: entertain. While life is often stranger than fiction, in the case of hackers, this certainly isn’t so. Security company SafeBreach issued the second edition of their Hacker’s Playbook, which guides the reader through the company’s experiences as they simulated particular methods of data breaches. The methods which succeeded were picked apart to understand how the hacker made their way into the network, how they moved around without getting caught, and how they made off with the data.
The results of such an experiment might shock you. Most successful attacks were operated by those who have been around for quite some time. Including executable files in email attachments was a favorite (and effective) tactic in a quarter of all attempts, while malware distribution, rootkits, and .zip files were also highly efficient. The results concluded that it’s not huge vulnerabilities that bring about catastrophe, as you might see on the big screen. Rather, it’s simple issues that are often discreet and rely on user error.
Your security measures may not be up to snuff to protect your systems from this type of threat. In fact, the solutions that you rely on to keep your infrastrastructure safe from malware may be configured incorrectly, leaving you wide open to attacks.
What this means for businesses is that it’s practically guaranteed that, at some point, you can expect to be hacked. When this time comes, you want to make sure that you have both preventative measures to limit the damage done, and reactive solutions that can quickly detect and eliminate threats. Furthermore, it’s of the utmost importance that you educate your employees on cybersecurity best practices, and that you keep your systems as up-to-date and functional as possible.
COMPANYNAME can help your business reach these lofty goals. With our comprehensive security solutions, you’ll find yourself losing less sleep over your network’s security. To learn more, reach out to us at PHONENUMBER.