There is one thing the Black Hat Conference always seems to accomplish; every year there is some kind of wow moment that captures national interest. This year, the Internet of Things (IoT) certainly made the spotlight. As reported by ABC News on Thursday, August 6th, all eyes were on car hacking after hackers were able to take control of certain functions in a Jeep, including transmission and braking, from miles away.
“Those are the kinds of reports that open eyes to the realities that are out there on the cyber front,” says Joe Caruso, founder and head of Global Digital Forensics (GDF), “shock value always helps things sink in.”
“It’s not some distant future world we’re talking about, it’s unfolding today,” says Caruso. “And it’s not just Jeep, Fiat Chrysler made recalls, Tesla Motors already issued patches related to cyber vulnerabilities and a lot of money is involved all around. Maintaining trust is a big deal, and with every new ‘thing’ that gets connected to the Internet, more holes exist that allow hackers to stir up trouble. It doesn’t stop with cars either, not by a long shot. Who would have thought just a few years ago that hackers accessing a sniper rifle would have to be a concern, or a washing machine, a refrigerator, a medicine cabinet or a medical implant? Fact is, they are all entry points that now have to be scrutinized, or a company striving to make things more convenient for customers may just find they shot themselves in the foot for all their efforts instead. From new digital gadgets to application security, it all has to be on the table and considered from a security perspective. It’s hard to keep up, but that’s what we help clients do. We look at their big picture, help figure out where they are vulnerable and what they are vulnerable to so security holes can get plugged. And if litigation becomes a concern or a reality, the Internet of Things may introduce an entirely new playbook when it comes to electronic discovery (eDiscovery), which we can help with too.”
Responding to the unthinkable
“The mantra in today’s cyber threat landscape has to be this,” says Caruso, “cyber threats are evolving every day. Threats no one ever saw coming will pop up, or someone will slip up and leave an opening an attacker is just waiting for. The difference between survival and total demise will all come down to how an organization responds. One of our biggest strengths in the security industry is our 24/7 emergency incident response teams, strategically positioned across the country and the globe to ensure we can have boots on the ground within hours, not days, to almost any metropolitan area. But most of the time we work even faster than that, with remote response options, in many cases, which allow us to be instantly on the job. Anyone can call us in an emergency, but clients that use us for our vulnerability assessments and pen-testing have some big advantages; we’ll already know the lay of the land relating to their requirements, regulatory compliance issues, data flow and digital architecture, and we will have already helped them devise and/or improve their emergency response policies and procedures so they have an easy-to-follow road map and escalation matrix ready to be executed at the first sniff of trouble. Our clients can also have us waiting in the wings with the ‘no-retainer’ response services we offer our pen-testing clients. If something happens, we’re a phone call away and can jump right in knowing exactly what’s what so we can respond as efficiently and cost-effectively as possible, and if nothing happens, having us on call won’t cost them a thing. And that’s as close as you can get to a no-lose scenario in today’s digital world. Black Hat 2015 offered up a lot of FUD (Fear, Uncertainty and Doubt) again this year, but we’re here to get you through whatever you actually encounter in the real world.”