Agenda
• Cover Syllabus (in general, will try to mix up theory and practice more than suggested in the syllabus; will skip around)
• Workgroups: (Pretest)
– What are the security threats that you should consider in assessing your security risk (e.g., password strength)?
– What are the benefits of cybercrime to the criminals (e.g., manage your browser search results for their benefit)?
– Rank: $ and “pain to fix to you”
• Course Objectives
• Some Quotes
• Magnitude of Problem
• Course References
• Using the Blog
Course Objectives
• Familiarity with
– Vocabulary of IoT Security as both cybersecurity and personal security
– IoT Ecosystem
– Threats
– The Darknet business model and tools
– Your best practices (and risks of ignoring them)
• Using the internet to answer your questions
• Each person develops a personal security plan based on the risks they accept; that is, you make an educated choice regarding the risk of, for example, using the same password across multiple web sites
• Each person develops a plan to periodically reassess their security plan
Some Quotes
• “99.9% of exploits are possible because organizations don't address basic security hygiene? The fact is that a lot of households industries focus on the wrong things, often using security strategies that are fundamentally flawed and ultimately do not provide the right sort of protection they need. (Global Risk Community).”
• As originally written, this quote pertains to web sites you use. What it says is that most web sites have security issues because management chooses to ignore or downplay them.
• “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.” (March 7, 2017)
Magnitude of Problem
• $1.2 Billion loss on Ransomware in 1 year (Vimeo.com)
• Worldwide loss
– 2007: $13 Billion (computereconomics.com)
– 2015: $400 Billion (expandedramblings.com)
– 2015: increase in cyber security incidents, 2014 to 2015: 38% (expandedramblings.com)
– Top means of cyber attack, 2016: phishing and malware (top for 8 consecutive years) (expandedramblings.com). But! Doesn’t include cyberattacks from inside the network (through kids, USB drives, smart devices) and doesn’t include botnet insertions
– Is NSA or the Govt spying on you? Embedded on your device, etc. (Vault 7)
– “While the exact cost of these attacks has not been revealed, DDoS attacks in general are estimated to cost businesses an average of $22,000 per minute, with the cost ranging as high as over $100,000 per minute. With the average DDoS attack lasting six hours, the financial impact can be enormous.” (Sonicwall)
– DDoS is growing exponentially because IoT is a prime target for bots
• Security Issues with Smartphones are ramping up, not really measured yet!
– Screen overlays steal login data
– Ad fraud malware on the rise, with under-the-radar attempts to gain root access
– Many more apps available “in the wild” outside the Play Store. These are not safe and install malware that replicates and replicates
Course References
Examples of “Things”
• Security and child monitor cameras
• Alexa and other “personal assistants”
• Health monitoring and immediate reaction equipment (heart, diabetes, sleep disorders)
• Trash can monitors that check on whether a household is recycling (!) or check on when a trash receptacle is full.
• Dash: Amazon tool that reads bar codes in order for users to easily order; includes voice recorder (à la Alexa)
• Connected egg tray: monitors number of eggs left
• iCPooch: device that provides direct real time and recorded communication to your pets (so they won’t feel lonely while you are gone)
• Fitness devices, including for dogs!
• Secure pet door monitor: pet door opens only for those pets wearing an ID and tracks use
• Refrigerator monitor: Alarms to your mobile device if there is a refrigerator problem
• GoPro camera
• Next generation Google Glasses: Safety glasses that monitor your environment, provide instructions and safety warnings as you do tasks; e.g., home repairs to refinery blowout containment
• Window shades
• Your smart TV
• Your smart phones
• Vehicle control systems
Tools and References for IoT Security
• References available through this site
• Google search (using safety extensions)
• Have you been hacked: web sites that check your id
• Very Technical, Authoritative
• Not so Techie
Lastpass
Homework
• Either print out or download the pdf and read Part 1 of “Staying Safe on the Internet”
• If you have a computer or laptop, install Lastpass on it