Threat Prevention and Management in the Era of Always On, Connected Devices

By Jeff Cortley, VP of Engineering Services & Solutions, Tekmark Global Solutions

If you came home one day to find your TV and stereo had been stolen because you left a window open or a door unlocked, you’d probably jump at the chance to go back in time and lock up your house. With the advent of smart buildings, connected cars, intelligent appliances and such, we’ve become enamored with the convenience of being able to remotely start the car, adjust the thermostat, or monitor our pets. Yet what we fail to appreciate is the increased exposure to our critical assets from second- and third-order vulnerabilities if any of these devices are compromised.

A recent example illustrates the potential threat where foreign hackers used a publically available search tool, Google dork, to troll for unprotected computer hardware and were able to gain access control to a dam in New York State.  Ironically, the penetrated computer was an old server brought online to create “smart infrastructure”, i.e., remote monitoring and control.  Unfortunately due to the age of the machine, it lacked the latest software patches and was easily penetrated.  Fortunately, the dam was out of service for routine maintenance so the exposure was contained, but the potential impact from these types of events is easy to imagine.  Aside from the potential calamitous implications, there’s a significant cost to infrastructure breaches in terms of reputational damage, compensation for restitution, or losses of production.

So how can threats be minimized in this brave new world?  The traditional security mantra of “Trust but Verify” still applies, but a more holistic campaign of continual preventative activity is required today. Think of it like a lawn care program.  Just as you would apply a systematic regimen of fertilizer, crabgrass preventer, insect control, and water to maintain your lawn, threat management needs similar discipline and expertise to design and apply the appropriate plan to suit your business.  Throughout the year you should perform health checks on your network and applications, provide security awareness training for your people, conduct reviews of your third party vendor policies, audit your governance, risk, and compliance approach and conformance, and confirm your incident response procedures.

Tekmark Image

Same as weeds and pests morph to become resistant to preventative measures, hackers constantly evolve their capabilities to elude safety defenses.  As the Internet of Things proliferates, the connectivity of technologies using more air interfaces like Wi-Fi and Bluetooth low energy opens up more points of ingress.  Unfortunately software viruses, malware, and network penetrations are like weeds – by the time you spot them it’s too late.

Since we don’t have the option of going back in time after an incident occurs, we need to be ever more vigilant to make sure all the windows are closed, doors are locked, and the neighborhood watch is continuously on the lookout for suspicious activity!

About TekSecure Labs, Tekmark’s Cybersecurity Division
In 2002, Tekmark acquired a team of security experts and the inception of TekSecure Labs began. With over 25 years’ security experience and over 12 years with Tekmark, this division has successfully provided comprehensive managed and professional security services for Fortune 1000 companies in the telecom, retail, healthcare, financial, manufacturing, entertainment, government, transportation and utility industries. Our experienced, responsive and dedicated staff can help organizations meet compliance requirements and perform security quality assurance functions while building out your security programs. For more information, visit our website: http://www.tekmark.com/services/cybersecurity-services.

Contact
Jeff Cortley
VP of Engineering Services & Solutions
Tekmark Global Solutions
JCortley@tekmark.com

Advertisement

Follow Us:

Sitemap | Privacy | Copyright © © 2017, WSTA®, All Rights Reserved.