October 5, 2017

To Stay in Business, You Need Physical Cybersecurity

Physical cybersecurity: It’s the new hot-button topic making its way into security news feeds. So why are companies intent on ignoring the warning signs? Efforts to outsmart hackers need to adapt, and quickly.

We know cybersecurity is still under heavy containment. Why? Because security teams weren’t ready for its impact, now or in the past.

Travel back to 1988, when the Morris worm exploited a weakness within the UNIX system. Computers slowed to a crawl and were effectively inoperable. As the years passed, attacks became more sophisticated and eventually found their way into governmental infrastructures.

Fast-forward to the NASA incident in 2008, when the agency announced that a virus named Gammima.AG had found its way onto laptops carried on board the International Space Station.

The Pentagon was targeted three months later by a worm known as agent.btz. “[A] foreign intelligence agent used a flash drive to infect computers… Plugging the cigarette-lighter-sized flash drive into an American military laptop at a base in the Middle East,” a report by the New York Times describes. Despite the harsh lessons of cyberwarfare given in the past, history is set to repeat itself.

Enterprises are all-hands-on-deck to clean up the aftermath of their latest security fiasco. Usually it’s a costly one. Cisco’s 2017 Security Capabilities Benchmark Study reported over one-third of organizations hit by an attack suffered 20% loss of revenue. Of those, 49% admitted defamation of their business as a direct result.

It doesn’t stop there: Cyberattacks often get personal. Earlier last month, Equifax suffered an enormous security breach, leaking highly sensitive information of 143 million Americans. Full names, addresses, birth dates, and even social security numbers were all compromised, along with 209,000 credit card numbers.

Cisco linked the flaw back to open-source software called Apache Struts, used by many websites to add interactivity. According to WSJ, it “powers part of the website where consumers can dispute errors in credit reports.”

Equifax customers caught in the crossfire then wonder, “What can I do now?” The best way to stop any potential fraud (identity theft, credit cards being issued without consent, etc.) is to freeze your credit.

Unfortunately, it’s another avoidable scenario. Companies like Equifax are showing their true colors when it comes to weak security measures. Equifax recently made headlines again over the online employment tool of their Argentine operation. BBC News stated users could access it with the simple login and password “admin”. Even with nearly 30 years of cyberattacks, the same errors are being made, and we’re not prepping for new threats.

Physical cybersecurity is one of those emerging practices. It’s expected to follow the same preventative blueprint as plain cybersecurity, but it can’t. We’re familiar with cyberattacks in general, but BYOD and IoT pose their threat physically.

We think of the human-to-human communication between IoT devices and forget the machine-to-machine aspect. AI and machine learning are no exception. Just look at the machine learning software development tools reportedly packaged with the recently announced iPhone X. They’ll bring more advanced solutions to the masses, but how often do we think about how these machines talk to each other, and what information they’re extracting?

Your phone is not only making calls to your friends and co-workers. It’s also pinging packets via Wi-Fi and using locational context to track your location. An individual can have best practices with IoT devices, but not give a second thought to control between machines. It’s those unforeseen details that lead to physical device compromises.

We see the consequences every year. In 2010, the Children’s Medical Center of Dallas suffered a breach when an employee left their unencrypted Blackberry at an airport. It contained the electronic protected health information (ePHI) of 3,800 individuals and cost their organization $3.2 million.

Just last year, the Mirai botnet attack targeted high-profile companies and websites by infiltrating IoT devices, including IP cameras and old routers, that were accessible via the internet and exploited for their weak software, often still set to factory defaults.

“Mirai is a worm-like family of malware that infected IoT devices and corralled them into a DDoS botnet,” explains University Professor Michael Bailey in his analysis of the attack’s impact. At its peak, Mirai spread to 600,000 infections and used in-house IoT devices as a gateway.

“As long as organizations treat their physical and cyber domains as separate, there is little hope of securing either one. The convergence of cyber and physical security has already occurred at the technical level. It is long overdue at the organizational level,” says Scott Borg, Director of the U.S. Cyber Consequences Unit.

Think of this scenario. An unknown device slips into one of your engineer’s backpacks, listens to confidential conversations in your weekly board meeting, and now has access to your company’s proprietary information. Physical cybersecurity is a different monster altogether.

This is exactly what Indoor Positioning Analytics (IPA) is determined to solve. Our indoor security solution, Inpixon Aware, gives you three-dimensional cyber situational awareness of your indoor space by continuously monitoring wireless, cellular, Bluetooth and RF signals. IPA delivers prudent, efficient business value. It’s an answer to physical and cybersecurity issues.

Tech advances are making leaps and inventions to protect us, yet the market is not acquiring those technologies. If we make the right security investments in the face of IoT and BYOD, we’re preemptively thwarting attackers, rather than waiting for the next breach.

Topic(s): Security
Author

Soumya Das

Throughout his career, Soumya Das has been recognized for his leadership and innovative approach to product and strategic marketing, coupled with meticulous execution. As COO, Das leads Inpixon’s operations including strategy, research & development, marketing, and customer success, driving them to achieve ambitious goals. Prior to his time at Inpixon, Das saw marketing teams of several start-ups to large enterprises through multiple acquisitions. In addition to an MBA from Richmond College in London, Das also holds a Bachelor of Business Management degree from Andhra University in India.
