Page 8 - index
P. 8
It might surprise you to hear that the answer goes back to the old adage: an ounce of prevention
is worth a pound of cure.
As we’ve discovered, cyber threats are no longer distinct to wired outlets. Thus companies –
big and small - are beginning to understand that cell phones, tablets, and the thousands of other
wirelessly connected devices pose real, non-linear risks that are continuously evolving in
sophistication and frequency over relatively short periods of time.
While reaction to this Wild West of vulnerabilities, outside of the world’s largest corporations,
has been slow; the vast majority of companies are finally responding by implementing Bring
Your Own Device (BYOD) policies.
Unfortunately, many of these policies only secure what goes out through devices and pays little
attention to what these devices may be bringing in. A fix here is to develop a more
comprehensive Internet of Things (IoT) policy; yet to date, there has been little discussion and
virtually no implementation of such policies.
In 2014, workplace cyber crime will account for over $100 billion. In addition, IDC predicts that
within the next 2 years, 90% of all IT networks will have an IoT-based security breach, although
many will be considered "inconveniences."
Whether an inconvenience or a catastrophe, these statistics are staggering, and illustrate the
immediacy needed to create policy that can detect and mitigate what defines the vast diversity
st
of f 21 century cyber threats.
Airborne security, for example, will rely heavily on detection - knowing what devices are
supposed to present in an environment and what devices should not. As with Airhopper, today’s
most common methods of security and detection would not see the FM transmission signal
responsible for facilitating a data breach – and an attack using these protocols would have been
successful.
The Airhopper study also illustrates the importance of utilizing the technology that exists to
passively read electromagnetic leakage with a simple smart phone. Of course, hardware exists
that can remove the speed and data transmission barriers illustrated in the Airhopper study and
allow for RF data collection from much further distances.
With the emergence of the IoT and the proliferation of devices in corporate airspaces, the world
is quickly approaching a whole new way in which the bad guys can compromise enterprise
infrastructure.
Solutions empowering corporate security professionals with greater insight into situational
awareness, both in and around their cyber environments, are being developed. As the
Airhopper study revealed, the IoT makes it imperative that RF emission detection be a major
component of cybersecurity solutions moving forward.
But hackers and threat actors won’t wait for these technologies to be perfected, so CISOs and
corporate executives need to take notice, and most importantly, action to secure the new world
– one comprised of the Internet of Things.
8 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide