Unsafelok Threat Highlights It’s About Both IoT Devices and Applications
IoT devices and applications exist all over the place, and in high volume. Today’s news brought yet another example of how the scale of IoT systems leads to the conclusion that their security is deeply dependent on automation. Security researchers announced a hotel keycard hacking technique called “Unsafelok” which enables ... Read More
Survey on 2024 IoT Security Crisis
Surveys play an important role in setting strategy and choosing how to address a difficult situation. Organizations today are urgently in need of addressing their IoT security situation; it’s the fastest growing part of the attack surface overall and the one security area most likely to be made worse by ... Read More
The Coming End of Biometrics Hastens AI-Driven Security
Until recently I thought we had a lot of time ahead of us to be secure in using biometrics to authenticate who I am and what I should have access to. But then this morning I came across a story about GoldPickaxe, a app-based exploit aimed at gathering facial and ... Read More
Confessions on MFA and Security Best Practices
The last couple weeks have brought a few discussions on the topic of multifactor authentication or MFA (sometimes also referred to as 2FA or two factor authentication). These discussions have been driven by the SEC’s X (formerly known as Twitter) account being hacked in order to goose the price of ... Read More
The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security
As the shock starts to wear off from hearing that a window blew out on a recent Alaska Airlines flight I came across research from our partner Nozomi Networks that might help to explain what happened (or could happen). As reported in Ars Technica (Hackers can infect network-connected wrenches to ... Read More
10 IoT Security Predictions for 2024
Against a backdrop of uncertain economic conditions and geopolitical unrest, 2023 nears its end. But it isn’t all bad news. In the race against cyber criminal gangs and malicious threat actors in 2023 major catastrophes have not materialized, and the state of cyber defense is stronger than ever. New solutions ... Read More
Extending Cybersecurity Awareness to IoT Devices
We’re at the end of Cybersecurity Awareness Month, which is a good time to reflect on where your organization needs to improve and extend it’s cybersecurity efforts. If you’re like most organizations the answer is IoT devices and applications; it’s the fastest growing attack surface for most organizations and on ... Read More
MGM’s IoT Cyber Attack and Its Implications
What if all the IoT devices in your organization (and deliver revenue and profits) all were shut down for 10 days because of cyber attack? This isn’t a theoretical, it was the reality for MGM over the past few weeks as their slot machines, door locks, ticket payment systems, and ... Read More
Agents are a Dead-End for IoT Security
Yesterday I did a webinar that raised a question I was not expecting – isn’t debating agent-based versus agentless solutions for IoT security a pretty esoteric point, and aren’t there a lot more important things to be discussing on the topic? Emphatically the answer is no; understanding the requirement of ... Read More
Reflections on RSAC and IoT Security
Earlier this month in San Francisco was the annual RSA Conference, drawing together 45,000 of our fellow colleagues to discuss, strategize, and implement solutions to make our (cyber)world more secure. Given Viakoo’s focus and innovation in IoT vulnerability remediation and cyber hygiene it was a great conference for us, and ... Read More
