- CyberCrime Center
August 25, 2014
The Internet of Things Brings Huge Promise and Monster-Size Security Headaches
Proponents of the Internet of Things talk about its great promise. Kenneth Corbin, in his piece (link to article) on itworld.com writes, “Household appliances could modulate their power consumption to avoid peak load times. Sensors placed along railroad lines could relay temperature data that could help preempt track failures. The same could be done for bridges, tunnels and other pieces of the nation’s fraying infrastructure.”
Corbin notes a pilot project in Maryland where 14 sensors in an apartment building monitor for smoke, heat, carbon monoxide and other potential danger signs, “relaying them to a cloud service that dispatches emergency responders if a problem is observed.”
The brave, new world of the Internet of Things comes with many of the problems of the old world – only magnified by the negatives possibilities. Corbin cites Randy Garrett, a program manager at the Defense Advanced Research Projects Agency (DARPA) who “worries that, in the exuberance to embed sensors in a galaxy of devices and bring them onto the network, backers of the Internet of Things will unwittingly create a virtually limitless set of new threat vectors.”
Garrett observes that despite computer users’ tendencies to not pay as much attention to security as they should, “many people are at least aware that the threats are out there and will often exercise some restraint in not clicking on spam links or avoid setting their password to “password.” (editorial comment: Can you say the same thing about the average waffle iron? Okay, there are instances where a waffle iron might be more security savvy than some computer users.)
Garrett points out that the infamous Target breach resulted from Target’s heating and air conditioning systems being connected to the internet to make servicing more accessible for a contractor. Of course, as history demonstrates, it also made the enterprise more accessible to hackers.
On the Internet of Things’ plus side is what can be done in healthcare where patients would be able to monitor such things as glucose levels and blood pressure and instantly send the data to their healthcare provider. Michael Chui, a partner and senior fellow at the McKinsey Global Institute observes, “That’s a much better set of data in which to diagnose and manage diseases.”
And Chui suggests solutions to issues facing the Internet of Things might be found in “rethinking” organizations and their traditional roles and processes. In a current retail environment, Corbin writes, “the CIO’s involvement in store operations might be limited to the cash registers, point-of-sale systems and back-office operations. In [an Internet of Things] world where mobile payments are a reality and items on the shelf are expected to interact with shoppers’ devices, though, the tech team must take a more hands-on role.”
“It’s a tremendous number of organizational challenges when you start integrating the physical world with the virtual world.” Chui adds, “You have to change the way you make decisions if you’re going to use the Internet of Things effectively.”
For another read on The Internet of Things, please take a moment to read a previous blog from Andreas Baumhof, ThreatMetrix chief technology officer: “Have You Remembered to Friend Your Refrigerator? The Internet of Things is Here and Growing Fast. But One Exopert Warms It May Be ‘Patch as Patch Can’t.'”
ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, Building Trust on the Internet, CNP fraud, Context-Based Authentication, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Cyber Warfare, Data Breach, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Internet of Things, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix Cybercrime Index, ThreatMetrix Global Trust Intelligence Network, Trust Tags, TrustDefender Cybercrime Protection Platform, Web Fraud