Tackling the Challenges of IoT in the Cybersecurity Space

We spoke with Michael DeCesare, CEO of network security startup ForeScout, about how cybersecurity is changing as the Internet of Things expands.

What trends are you seeing in the connected world? 

The connected world has changed dramatically over the past 20 years, and day-to-day processes across every industry are becoming connected and automated. Rapid adoption of Internet of Things (IoT) devices is creating a tremendous opportunity for innovation and success — but the security and privacy risks associated with these devices far outweigh the gains.

What are a few examples of IoT adoption in the enterprise?

Companies are using the corporate network to connect HVAC controllers, security cameras, conference room TVs and more. Hospitals are putting beds online, airlines are putting planes and gates online, banks are putting ATMs online, governments are putting all aspects of their military online.

What are the cybersecurity challenges organizations face today?

Many of today’s corporate, IoT and operational technology (OT) devices are being allowed on the company’s network without the same proactive security measures that were taken historically. Each new device that comes online represents another attack vector for an enterprise. The good guys need to defend everything; the bad guys need to simply find one way in.

How can enterprises protect themselves in the age of Internet of Things (IoT)?

Organizations lack visibility into approximately 30 to 60 percent of the devices connecting to their network. Instead of trying to block what’s on a network, organizations have to embrace what’s on the network. Having visibility into the billions of devices connecting to their network is the first step to a security strategy.

Ask renowned computer security consultant Kevin Mitnick and he’ll tell you that there is a silent cyber war unfolding underneath our noses, and everyone — from the head of a major company with a vast network to any person with a smartphone — is at risk.

Mediaplanet sat down with him for a crash course on the evolution of cyber security and learned why, in today’s digital world, it takes a hacker to outsmart a hacker.

1. Hackers have evolved.

“When I started, it was completely legal and hacking was cool. Hackers were considered the whiz kids,” says Mitnick. He recalls that “still, to this day, my favorite hack of all-time was hacking the McDonald’s drive-through window when I was young.” But, over the past couple of decades, hackers have evolved from brainy teenagers goofing around on their family’s computers into something much more malicious.

And Mitnick’s fast-food prank points towards an underlying dilemma in cyber security: as the amount of internet-connected technology grows, it’s no longer just the obvious devices, such as laptops, smartphones and tablets, that we need to protect. We need to recognize that TVs, thermostats, refrigerators, toilets, baby monitors, security cameras and beyond can also be hacked, and manufacturers of these seemingly innocuous devices don’t equip them with the security features that vendors of computers and phones automatically put in place.

2. No information is safe.

Microsoft estimates that by 2020, 4 billion people will be online — twice the number that are online now. And in 2018, just one year from now, experts predict that sophisticated hackers will begin targeting humans over machines. These cyber criminals are equipped with a constantly evolving arsenal of attack methods, putting everyone with an internet connection at risk.

“Private information is freely available if you subscribe to the right databases, typically used by information brokers,” Mitnick explains. These databases allow you to query a person’s Social Security number, birthdate, current and past addresses, and current (or past) phone numbers. “Hackers can get access to anything if they have enough time, money and resources.”

3. Siri can’t save you.

A new study by Cisco suggests that Wi-Fi and mobile devices will account for 66 percent of IP traffic by 2020, up from 48 percent in 2015. “Most people don’t use security on their mobile phones,” Mitnick urges. Many consumers believe that safety is ensured by simply adding a passcode to a device; actually, hackers don’t need physical access to your phone to steal personal information or infect the device with malware.

To avoid vulnerabilities, Mitnick recommends using a virtual private network (VPN) service. “One thing people should consider is purchasing a VPN subscription so that they can securely connect when using public Wi-Fi,” he outlines. “Basically, if you aren’t using a VPN, your internet traffic may be monitored, or worse, you may be hacked when using open wireless networks.”

4. It’s a lucrative career.

From chief information security officers who look at the big picture to engineers who deal with the technical specifics, there’s an ever-growing demand for talented individuals in the field — and that talent pays.

Little did a young Mitnick know, he was on the forefront of this burgeoning industry. But first, he had to convince the federal government that he wasn’t the threat. “I was made out to be the poster boy for the new evil menace: hackers.” But today, smart organizations recognize that “the truth is simple. It takes one to know one.”

Now, as the CEO of Mitnick Security, he is paid by Fortune 500 companies to expose flaws in their cyber security. He and his team “maintain a 100 percent successful track record of being able to penetrate the security of any system they are paid to hack into using a combination of technical exploits and social engineering.” “Businesses hire my company to try to break into their organizations to test their security,” he explains. “It’s like living in a heist movie. What’s not to love about that?”