TrustPoint Blog

DEF CON held its 24^th convention this August, highlighting the ever-growing cost of implementing security as an afterthought—and new executive survey data shows that security is becoming the number-one technological priority for businesses.

The DEF CON 24 Experience

The annual hacker conference held another successful event, featuring interesting discussions that show that as the IoT market grows, so does the opportunity for hackers.

Cyber Grand Challenge: Seven teams were asked to create a “cyber reasoning system” that could autonomously exploit and patch security flaws. Machine learning tools like these could become incredibly common, bringing an unprecedented level of scale to digital operations.

IoT and Poker: One attendee paired a Bluetooth scanner relay with a phone to identify AR codes on playing cards mid-game. This will not affect only casinos; it also raises questions about the future security of public AR codes and security-sensitive environments that allow wearable technology.

The $5 DDoS Attack: One attendee hacked into a node for the Internet2 (a higher education research network with incredible bandwidth and speeds), and then created a botnet with an operating speed of 3.7 terabytes per second. That clocks in at twelve times the power of the infamous Spamhaus DDoS attack, currently the most devastating DDoS incident on record. A single node can be blocked via its subnet today, but that kind of network speed will be commonplace in every home at some point.

The Wall Street Journal: Survey Roundup: IoT Brings New Risk Concerns for Firms

The Wall Street Journal recently collected a series of telling statistics illustrating corporate readiness for the Internet of Things. With DEF CON 24’s recent revelations in mind, they provide a clear impetus for IoT security in the near future.

• Only 30% of the companies interviewed said that they feel ready for IoT
• 34% of companies feel confident they accurately track IoT devices
• 78% of companies fear IoT devices being weaponized for DDoS attacks
• 36% of 500 executives from mid-sized companies put managing security risks as #1 tech priority
• The Herjavec Group projects a $6 trillion collective cost in security breaches by 2021
• Imperva reports that DDoS attacks increased by 211% between April of 2015 and 2016

It isn’t cause for alarm yet, but there is a clear need to adopt more sophisticated security systems before standards fall behind entirely—especially since the average breach costs $15,000 for small and medium businesses at present.

Real-Time Insights

“Blockchain” is, conceptually, a technological shift from highly private systems with a centralized trust centre to a publicly accessible system with private safeguards in place for all parties. It is also the future of the IoT because it lets different devices and their applications communicate with each other efficiently. That is one of the core benefits that the IoT is expected to bring—and it will underpin additional benefits like:

• P2P sharing
• Real-time feedback or equipment condition tracking
• Immediate malfunction notices
• Trend analysis

Despite those benefits, there is not enough trust in this kind of application yet because it reduces the individual’s privacy. Users aren’t just disclosing information to one vendor in this scenario—they are disclosing it to every vendor whose app connects with the original. No company wants to compromise users’ personal data, but the public perception is that a single security breach could compromise the whole network. The CIO Review also cites public trust and privacy as key challenges to overcome before committing to smart cities as we envision them.

These benefits will become apparent in a wide swathe of industries, from insurance to logistics and everything in between, but August’s key takeaway is to design security into your system from the very first stages of each project. The Internet of Things will need to preserve privacy and earn public trust before we can begin enjoying the convenience it will bring.

Contact us at TrustPoint Innovation to learn how you can incorporate proactive vigilance into your designs from day one.