High technology: How smart is it to use smart technology?
When I mention that I work in the Information Security space, I constantly
get a response like “Oh, that’s great, because that’s all the new stuff.” It
seems everyone thinks cyber security came onto the stage in the last 5 to 10
years, which is when they would’ve heard about security breaches. But is it
actually that new?
I remember movies from the 80s that dealt with computer hacking and cyber
warfare. In the real professional world, one of the most common vulnerabilities
in web applications was SQL Injection, which was first explained and documented in
1998. SQL Injection is rated as “easy to exploit” and with “severe” impact,
meaning it's a very dangerous vulnerability. It has been 22 years since
then, so where are we now?
New day, same problems
Well, some things have stayed the same … OWASP ranked injection
flaws (the type of flaw SQL injection belongs to) as #1 in their
Top 10, the ten most critical web application security risks for 2017 (also
at that spot in the 2007, 2010 and 2013 editions). Injection flaws mean a
malicious user can make an application execute statements it wasn't supposed to
execute by inserting them in a way that the application is tricked. This is possible because the code wasn't written properly. The consequences? You name them:
- unauthorized access,
- lost control of a server,
- database dump,
- all of the above
How can that be? How is it that we've evolved the technologies to make web applications from what we had in the 90s to what we have now, yet we still can’t figure out how to code to prevent an injection flaw? Laws and regulations on this matter aren't new; HIPAA came to light in 1996, GLBA in 1999, PCI DSS in 2004, all with the goal of protecting consumer data and sensitive information.
That’s more than 20 years ago, and still, we're trying to solve the same problems, not to mention the new challenges technologies have brought to the table.
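The injection flaw described above, as an added example that is not part of the original article: a login lookup built by string concatenation next to the same lookup with bound parameters. The table, the account values and the function names are constructed for illustration, using Python's standard sqlite3 module.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return db


def login_unsafe(db, name, password):
    """Flawed: user input is pasted into the text of the statement itself."""
    query = (
        "SELECT name, role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchall()


def login_safe(db, name, password):
    """Fixed: placeholders keep the input as data, never as SQL syntax."""
    query = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchall()


# Constructed input: the quote closes the string literal early and the rest is
# parsed as SQL, so the password comparison no longer decides the outcome.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Concatenated statement: the WHERE clause becomes true for every row.
    print("unsafe:", login_unsafe(db, "alice", CRAFTED))
    # Bound parameters: the same input is just a wrong password.
    print("safe:  ", login_safe(db, "alice", CRAFTED))
    # A legitimate login still works with the parameterized statement.
    print("valid: ", login_safe(db, "alice", "s3cret"))
```

The concatenated version is also a plain correctness bug: a legitimate name containing an apostrophe makes the statement fail to parse, while the parameterized version handles it as ordinary data.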
Internet of Things (IoT) is an interesting concept, one in which billions of smart items can be connected, and the convenience of sharing data helps to make life easier. And it definitely does! Of course, it is easier to take a modern car to the dealer and plug it in to have the computer report what's wrong. It's very convenient to have my house controlled through my cell phone to turn on the lights or let someone in remotely.
It helps to see who's knocking on my door using live stream video from the security cameras while I'm away. It's handy how we can use a voice assistant to turn on the TV, put on some music, or even look something up on the Internet. It's lifesaving when a pacemaker or an insulin pump can be controlled and automated to stabilize a person’s health condition. All that's simply awesome!
New day, new problems?
Let’s get to the “what-if” part of this discussion.
- What if my home assistant is listening, and possibly recording what we say at home? Perhaps I'm not discussing plans to commit a crime or conquer the world, but it's still my private life. After all, it happened before with Samsung Smart TVs. (See here)
- What if a person can sit in their car near your home, just in range of your Wi-Fi, exploit a security vulnerability in the Amazon Ring, and gain control of your home security system? (See here)
- What if not only the car dealer can connect to your car, but also someone else can take advantage of its insecure design to remotely connect and fully control your vehicle? I'm not talking about only the radio or the AC, but the brakes, the engine, and the steering wheel, too. (See here)
- What if the fancy and convenient features in a new car, like using a key fob to open and start a car, can be used by malicious people to steal it from you very easily and quickly? (See here)
- Also, what if an evil person could give you a shock, or prevent it from happening when needed, by controlling your pacemaker’s activity? (See here)
- Or control an insulin pump the same way? (See here)
We're still living in a world where things are created, and then security is retrofitted after the fact. Unfortunately, security being retrofitted after the fact could mean after information or controls are stolen, after privacy is compromised, after accidents happen, after children go missing, after people die.
So should we stop using these innovative technologies? In my opinion, it's not about not using it, but about measuring the risk it implies and taking the proper steps to protect yourself, either when configuring the equipment, or with additional caution that you personally need to take to avoid or mitigate these downsides.
New problems, new solutions
Since IoT is becoming a worldwide phenomenon, shouldn't we already have professional security testers examining IoT products before they go to market? The US has the FDA to test and approve medicines before we can acquire them, and the FAA to validate new airplane designs and features, so I don't think I'm that out of line.
In the end, companies need to understand that security testing NEEDS to be part of the product development cycle. It should be our responsibility as a society to demand it. If those post-development tests affect the cost of product development, companies would need to invest more in built-in security from the beginning to lower their costs and accelerate their go-to-market plan, which would give them a competitive advantage. The increased competition would eventually make built-in security an industry standard, meaning more secure products for more members of society.
As my uncle John used to say, “You may say I’m a dreamer,” but I would like to add the word “Secure” and have IoT in our world. Otherwise, if the risk is too big, I might end up opting for the huge inconvenience of taking out my cell phone and wasting many clicks to play music on my “dumb” Bluetooth speaker. Just sayin'.

Great article