Cyber Hygiene – A modern dilemma

Posted on September 22, 2016

0


IoT = D-HIV


The faster we move the sicker we get.

As we see in our offline world so we are experiencing in our new Cyber realms and digital hyper-connected social network societies. I postulate that IoT (Internet of Things) is as virulent and as terminal as HIV in our digital lives.

IoT = D-HIV variant

IoT, is a technology revolution that flies in the face of the diligent security responsibility we are all striving for in digital life. IoT vendors have slipstreamed this trust association, but they simply don’t operate to the same economic models and trusted disciplines that produce those nice shiny devices from the likes of  Microsoft, Apple, Samsung etc.

You guessed it stack ’em high and sell them cheap comes at a very high cost in our hyper-connected world.

The speed of IoT injection into our lives, living environments, infrastructure and businesses is lowering Cybersecurity hygiene to new depths. As Terry Pratchett would say – “It’s not the fall that will kill you but the landing“.

Brian Krebs landed last month, it was painful, it hurt both him, as his website (https://krebsonsecurity.com) was taken offline, but also the goodwill of Akarmi a major vendor that hosted his site for free. Akarmi’s business model is to protect website from such attacks, but even their goodwill dried up at hyper-speed and they had to cut Krebs loose due to the exponential cost of defending against the sheer scale of the attack.

That attack was manifested by IoT devices that were hacked and recruited into a digital army that flooded the internet with traffic destined for the ‘Krebs Online’ website. Apart from taking the website offline it severely tested the capacity prowess of the Internet, creaking was widely heard. I will not repeat what is well covered in other online sources, if you want to know the details here’s a start – ‘Krebs Website Hit By 620 Gbps DDoS Attack’.  The worrying think is that the IoT Camera’s that were the main source of this hack cannot in their majority be patched. They remain an active risk surface.

This is perhaps the most alarming factor with IoT devices. To protect against security holes traditionally you update the software on the system or device. Welcome to the disposable society, for most IoT devices this means throwing them away and getting the next generation as they have no practical way of being patched or upgraded by end users. Those that do are a software challenge beyond all but the most competent. I guess you could isolate them from any public network, but then that defeats the purpose of their existence!

IoT is being injected voluntarily into the living network ecosystems that our digital lives, infrastructure and businesses are dependent on. Start asking NOW, Is your network D-HIV positive?

There is no cure unless you can irradiate it completely. Yes you can live with it, but that requires expensive treatments, and even then it could simply wake from dormancy into full blown terminal hell.

The solution? Cyber Hygiene and decline the temptation of engaging with promiscuous devices.

Advertisements