Beware the Cyber Security House of Horrors!

Oct 30, 2014

Ghosts. Ghouls. Zombies. Multi-stakeholder content audits. This Halloween there is no shortage of terrors lurking to keep federal Web managers up all night, and our work is largely done in one of the scariest domains of all: cyberspace. Every moment of every day, a vast system of computers and networks are actively working to support virtually every aspect of modern life, and along with it creating opportunities for Internet trolls, goblins, and other nefarious villains to target and exploit all manner of personal and professional information.

October is also National Cybersecurity Awareness Month, and it is a great time to look at how we can help our agencies (and each other) be safer and more secure online. You may have heard in the news about high-profile incidents like data breaches at large retailers that expose customer information, but the even scarier reality is that cyber attacks happen 24/7 all over the world and have the potential to affect a broad range of aspects of our lives, including transportation, our economy, agriculture, essentially anything that is connected to a network. In this post, we’ll take a look at how the fast pace of connected technology creates cybersecurity challenges in the devices we use at home and at work, and look at few simple guidelines that can help us stay safer online.

Not scared? Here are some things to consider

  • It’s estimated that approximately HALF of Americans have been hacked in the past year.
  • These attacks have compromised systems across government and the private sector.
  • The graphic below is visualization from cybersecurity firm Norse that maintains a network of 8 million computers simulating potential attractive targets of information like commerce and corporate databases. These attacks largely come from automated bots.

Real-time data visualization of cyber attacks (this is only showing 1% of what they track!) (Source: NORSE)

The “Internet of Things”

While it sounds like it could be the name of a scary movie, the “Internet of Things” refers to the growing group of devices that can send and receive data over the Web. These devices often talk to each other and include different types of sensors to make that data more useful, and in turn make our lives easier. While the most common device now is typically a smartphone, here are some other ways connected devices are becoming increasingly popular and will present new security concerns we need to keep in mind.

  • Wearable devices (example: FitBits, Jawbone, Google Glass) can track physical activity, diet, and sleep habits that can help us live healthier lives. (But also store and transmit a tremendous amount of personal data & habits.)
  • Appliances can be programmed remotely and even automated to perform actions under conditions we choose. Thermostats and lights may be set automatically, ovens may be preheated or turned off, and utility usage can be monitored. (While connected and accessible can make many things more cost effective and useful, all track usage data that may provide unintentional indicators of potential security concerns like not being at home.)
  • Home Security Systems with network connectivity can offer tremendous peace of mind with access to features like remote monitoring of video cameras, alarm notifications, and the ability to arm or disarm the system remotely. (But also have the potential to be compromised and exploited.)
  • Cars will increasingly have the ability to interact and connect with our smartphones, providing valuable services like maps and directions as well as alerting us when service is required (and like the devices in our homes continue to track and store valuable data on our daily activities).

The “Internet of Things” will continue to change our lives at a rapid pace. How quickly? Here are some predictions:

  • 25 billion devices connected to the Internet by 2015; 50 billion by 2020! (Cisco IBSG)
  • 4.5 billion users on mobile devices; 1.75 billion users on smartphones!
  • 750,000 spam emails sent during a two week period spanning December 2013 and January 2014 by Internet-connected devices (like media players, smart televisions, and even a refrigerator) as part of a network.

How scary is this really? Consider the case of a Forbes journalist who was able to access a complete stranger’s entire automated home after a simple Google search, gaining access to remotely control many devices in the house. Like the malevolent spirits portrayed in movies like Poltergeist, an attacker could turn lights and the television on remotely, or any other device connected to the network. By simply not changing the default passwords on these new types of connected devices, the home was left vulnerable. Potentially even more terrifying is the possibility that a compromised connected home doesn’t have such obvious signs of being compromised, and instead just left silently doing the work of the very real people attacking it rather than the fictional outbursts of unhappy spirits.

The reality is that the “Internet of Things” is already here and can easily be compromised and exploited in ways that we may not realize. Here are 3 simple steps from the National Cyber Security Alliance about what you can do to stay safe as you connect more devices at home and at work.

  1. Keep a clean machine
Just like your laptop, smartphone, or desktop computer, any device that connects to the Internet has the potential to be compromised by things like viruses and malware. Watch for updates to your devices, and watch out for any unusual change in the way a device functions.
  1. Think Twice about Your Device
Just got a new fitness monitoring or other connected device? Read the details on how it connects to the Internet, and what information it tracks and where it is stored. There will often be a website or other online service where your data may be accessible, and you’ll want to make sure it’s secure.
  1. You are Only as Strong as the Network to Which You Connect
All of these devices will generally connect through your networks at home and at work. Follow your provider’s instructions to make sure your networks are properly secured, your passwords are strong, and your software is up to date. If an attacker is able to get in through wireless network, there’s a very good chance they’ll have access to every connected device as well.

With a little knowledge and some active vigilance, the benefit of the Internet of Things can be enjoyed without compromising our safety online. Knowing, as the old saying goes, is half the battle.

For more information about cybersecurity, check out the STOP.THINK.CONNECT. website.Jordan Higgins is a Web and social media manager in the Office of Corporate Communications at the Defense Intelligence Agency, and an active leader in the Federal SocialGov Community. The views expressed in this article are the author’s personal ones.