The Riskiness Of Building The Internet of Things

The Riskiness Of Building The Internet of Things

Imagine roads where driverless cars are everywhere. You no longer own a car; you simply call for one when you are ready to leave.

Imagine a refrigerator that anticipates your moves. It can order foods as they become low or run out. You can plug in what’s for dinner, and have it place an order based on your needs.

Imagine a bracelet wrapped around your wrist, monitoring your important vitals. If can remind you when to take medicine, record your daily activities, even make suggestions via your doctor on ways to improve your life.

Doesn’t sound so futuristic, does it?

The Internet of Things is changing our world like never before. It’s  opening up the doors for exciting opportunities. And with it comes the good and bad.

Right now, the Internet of Things is being created resembling the Wild West. We’re taking what we know about Internet growth and applying all we’ve learned to this new frontier. But is that the right way?

First, it’s important to understand the magnitude of what the Internet of Things will bring to the table.

When the Internet first entered our lives, we accessed it via one machine: a computer. It was relatively easy to teach someone how to keep their computers safe; updates and patches were mandatory.

But the Internet of Things goes beyond a stand-alone computer on our desk. It touches almost everything in our lives. Hitting “yes” when your mobile device asks if it can upgrade an app is easy; will you remember to upgrade your refrigerator on your own?

It’s not just upgrading that will keep you safe and secure. It’s also about privacy. Your refrigerator may know when you run out of double chocolate ice cream; it may order it for you on a regular basis. But do you really want to provide that information to marketers without your knowledge? You may not care about your ice cream habits, but what about more sensitive areas of your life?

Because once everything in your life is connected and running via AI technology, your whole world will be an open book. You’ll ask different questions. You’ll be faced with new challenges. Legal and policy challenges will bear their heads.

Will your mobile device be considered expert material on the witness stand?

And what happens when certain technologies go away, companies fail, or simply change course?

If no one is there to update and monitor a technology, will we have to throw it away?

Will we have abandoned “cities” where nothing but the old technology exists between the walls?

While we can and have allowed the Internet of Things to develop in Wild West magnitude, it may be time to stop and think about our future. Should underlying protocols be in place? Should we be planning for universal design rather than allowing everyone to approach it on their own? What will our world be like in 10 years, and what will we do if nobody is there for updates and patches?

While the answers might not affect us much today, they will be a part of our daily lives tomorrow.

Avoiding A Watering Hole Attack

It’s the water that brings them in. They stand around getting their fill. They sip quickly, nudge those close by for a little more. They stand together, band together.

And then, when they least expect it, the predator attacks. He lurks unseen, camouflaged from view. He watches for the perfect opportunity. And then feasts.

Nope, I’m not talking about the latest documentary on the nature channel. Instead, I’m talking about something that is very real in the business world.

A watering hole attack is a security exploit in which an attacker seeks out a specific group of end users by infecting websites the group is known to frequent. The goal is to create as many holes as possible within a particular area to provide ample opportunity for gaining access to the network they desire.

Watering hole attacks aren’t fringe websites where your employees shouldn’t be. Instead, watering hole attacks stem from legitimate, popular websites they not only frequent regularly, but you also encourage it.

The attacker profiles his targets, learning who they are, what functions they serve, what they have access to. Then they look at what websites they frequent. Their goal is to find weak sites where vulnerabilities exist. They want to easily slip in and out, injecting malicious JavaScript or HTML code that redirects the target to a separate site where malware resides. Then the compromised site simply sits and waits.

They typically choose well-known well-regarded websites that carry a lot of clout within an industry.

For example, The Council on Foreign Relations, a Washington DC based think tank that provides foreign affairs resources to government officials, journalists, and business and education leaders was hit by a watering hole attack and hosted malware for several days that it installed on unknowing visitors to the site.

 

In another instance, a Forbes ad server was hacked, and from there, visitors from government and bank networks were compromised and used to infect target networks.

While watering hole attacks aren’t the most common form of gaining access to information, they do pose a considerable threat when initiated because they are difficult to detect. They usually target organizations with valuable information and a lot to lose.

And training an employee is difficult at best. You can teach someone to recognize a phishing scam, but how do you teach an employee to identify if a legitimate website has been compromised?

Anticipate Updates

In most cases, the software and programs you use throughout your business announce when updates are coming. Watch for updates and make it mandatory that every department installs patches and upgrade systems immediately when they become available.

Monitor Traffic

If you understand what a normal day looks like, spikes in traffic will stand out. If your security solution inspects all network traffic, you can quickly see when oddities occur.

Analyze Behavior

Selecting a behavioral analysis software to add even more protection. It can detect when unusual user behavior occurs, such as a laptop sending confidential documents outside peak hours.

Watch Popular Websites

Sometimes the best way to stay safe is to watch what others are doing. What are the top sites your employees visit? What’s your relationship with their management and security team? While it’s not imperative to have friends on the inside, just visiting their sites and monitoring their traffic and news can help you stay on top of what’s happening on their sites. If you detect malware on a site, block traffic immediately and contact the owner.

Yes, watering hole attacks are just one more item for an IT department to watch for to ensure a data breach doesn’t occur. But by being aware of its occurrence, it gives you a better chance of finding threats early in the game.

Should You Make The Move To G Suite?

Should You Make The Move To G Suite?

Just a few months ago, Google rebranded its Google Apps for Work enterprise cloud suite to its new name G Suite. Its intent is to go head to head with its top competitor, Microsoft Office 365.

In many ways, Google has set the standard for cloud application based systems. In a short amount of time, they have proved that you don’t need a program sitting on your desktop in order to be successful. They have proved that a browser window is all you need to create a fully functional client for common office applications such as word processing, spreadsheets and more.

That means your apps will work smoothly and consistently from wherever you choose to access your information, from the office or the road, from your desktop or your smartphone.

It also means that Google offers everything in one neat package. Email, calendar, team collaboration, personal and team file sharing, document creation, spreadsheets, presentations, audio and video calls, even its own internal security and compliance is all there ready and waiting for you on a pay-as-you-go basis. You only pay for the users who use G Suite instead of loading up software that can go untouched.

What’s holding you back?

Maybe you have programs already in place. You’re comfortable with them. They work for you. Why change? Many businesses start with a small team using G Suite while others in the company stick with the old systems. The great news is G Suite is compatible with most of the old file formats: .doc, .xls, .ppt. Which means teams can go back and forth using the old and new formats to get work done faster than ever before. We usually find that once people see the power of working online, they end up phasing out their old tools completely as they discover the real power of being able to collaborate and use tools from anywhere.

But Google has free products; why should you pay for G Suite?

Google does have a variety of free consumer based products. Using them can introduce you to the features and control they offer for running a business. With G Suite, you get things like a professional, business-grade email system, and extra storage for Gmail and Drive. You also get some crucial advantages like security management and full administration of all your user accounts.

Why should you work with a G Suite provider?

It starts with migration and management support. You don’t know what you don’t know. And when integrating a new platform throughout your business, it can have significant implications if it’s not done right. The more people you have to manage, the more G Suite systems you choose to operate with, the more support you’re likely to need along the way. That’s where working with a provider really becomes handy. That way you can focus on what you do best while getting the data you need to analyze and see the big picture. You worry about your business, we deal with things like the implementation and licensing for you.

How could working with G Suite improve the way you do business?