BreachExchange mailing list archives
FBI CISO warns of IoT data breaches
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 25 Sep 2015 11:52:33 -0600
http://searchsecurity.techtarget.com/news/4500254067/FBI-CISO-warns-of-IoT-data-breaches

The FBI's chief information security officer warned the impact of IoT data breaches could be much worse for end users than previous enterprise data breaches.

During her keynote address at the 2015 IoT Security Conference in Boston Tuesday, FBI CISO Arlette Hart discussed how the growth rate of the Internet of Things (IoT) is outpacing IoT security efforts and implored enterprises to take action before disaster strikes.

With technology, "Cool trumps safe," she said. "The capabilities themselves are almost always developed without security in mind. We need to change that [for IoT]."

IoT introduces an overwhelming amount of new devices, data, network traffic, and protocols that has already had a profound impact on IT and cybersecurity strategies. IoT data, she said, will change how breaches affect end users.

With recent retail data breaches, Hart said the impact has been "relatively light" on end users. But in the case of an IoT data breach, Hart said, the impact will have serious effects on end users because their sensitive data is interconnected with personal devices like their door locks, cars, baby monitors, thermostats, lights, security cameras, and other household appliances. That information, in the hands of a cyber criminal, can be devastating and result in a serious breach of privacy.

"Last year I got a new credit card. I got credit monitoring too. What else did I feel from all of these breaches?" Hart said. "But when we move into IoT, I think the world is going to change a little bit. I think it's going to change to the point where, when compromises happen, people are going to feel it."

As IoT data is created, transmitted, and stored, it represents a new opportunity for threat actors to steal sensitive information, Hart said. It also poses significant threats to the enterprise and the end user because cybercriminals can cause physical havoc by tampering with devices.

Hart notes that it's not just outsiders that enterprises need to be wary of. "Malicious insiders are an internal threat to your infrastructure. The inadvertent insider is one of the biggest causes of compromise. You trust our employees, really? You have forty thousand employees and not one of them is bad?"

New technologies mean new security challenges, Hart said. Many IoT devices have serious vulnerabilities and no dedicated security protection, and if they haven't been hacked, they will be. However, the IoT security landscape is rocky because IoT is a new and developing technology and there is a general lack of standards in the space, she said.

On the bright side, however, Hart said technology companies understand that IoT security needs to be addressed, and many companies and organizations are already working on developing industry standards and regulations.

"This is only going to happen through self-regulation because, frankly, you are all moving way too fast for the government to be able to catch up with you," she said. "Self-regulation is critical to this [IoT security] effort."

On the other hand, Hart said, threat actors know that the growing number of connected devices hold valuable data and will likely step up their attacks on IoT targets.

"The threat vectors are increasing and they're pervasive and they're going to keep on coming and they're going to accelerate because this is such a rich field," Hart said. "IoT compounds the security challenges that we already have."