Emerging Cybersecurity Vulnerabilities

Cyber Security Consulting Ops provides consulting services in the following areas.
Unified Threat Management, Enterprise Security Solutions, Threat Detection & Prevention, Cyber Threat Protection, Threat Protection, and Network Security. We work with businesses large and small and with homeowners. We fully acknowledge that the threat landscape is growing each day. Regular antivirus is no longer sufficient. Network and anti-malware protection have to be implemented together, along with customer education. This is how our company can educate all our clients about cyber security. There are various threats that we would like customers to be aware of, including those affecting connected IoT (Internet of Things) devices such as smart TVs and other smart home devices.

The question is no longer if or when you will be breached but rather how often and how severe the breaches will be. But even more important is whether you will be adequately prepared to:
- Detect attacks
- Quickly recognize a breach
- Effectively remediate the attack
- Accurately assess the damage
Three Approaches to Security Readiness
Proactive. Proactive companies have above-average degrees of security readiness, even though they are not as high as progressives. Visionary companies realize the significance of I.T. security. They have put in place basic steps to avoid breaches. However, they are not as likely to use technologies such as tokenization to minimize the value of data that hackers could compromise. C-level executives pay attention to security and realize they are vulnerable to breaches. Proactive companies tend to perform monthly reviews of their security position and regularly perform risk assessments. Their primary motivation for using third parties is to supplement the bandwidth of their internal security team.
Reactive. Reactive companies have below-average approaches to security readiness. C-level executives pay moderate attention to security while delegating security expertise and day-to-day management to I.T. Reactive companies realize they are at risk of breach and are aware of the many violations. They respond to violations on a case-by-case basis. They perform quarterly reviews of their security stance and third-party risk assessments. They look to third parties to supplement their internal expertise.

Passive companies will consistently get breached.

Passive companies are the least security ready. At passive companies, C-level executives take a hands-off stance to safety with all knowledge and responsibility incumbent upon I.T. They would prefer that the I.T. security issue would go away, tending to be blind to most breaches and reactive in the aftermath of breaches they do detect. Reviews of passive companies’ security posture and third-party risk assessments are infrequent, occurring twice a year or less frequently. And they are much less likely to look to other people for help.
A lack of foundational security increases risk:
As IoT deployments escalate in both number and scope, one concern rises to the top of people’s cyber security agenda: Just 10% of respondents to the survey are fully confident their connected products are secure. Only 12% are highly confident about the security of their business partners’ connected devices. Given that backdrop, it’s no surprise that more than two-thirds (68%) of the respondents say their companies plan to invest in IoT security in 2018. One-half of those organizations are earmarking a minimum of one-quarter of their security budgets toward the IoT.
All over the world, city, federal, and state governments, as well as other public-sector organizations, are leading the way in bringing the Internet of Everything to life. According to one of the companies that is leading the charge, there are many examples of how the Internet of Everything is improving the lives of citizens everywhere. Getting information quickly, which in some cases could be critical to saving lives, is really important. This is the exciting part of IoE.
But with every benefit, there are concerns. Today’s web has given access to all types of people with good and bad intentions. We now have all kinds of hackers, people spreading propaganda based on beliefs, and other things that I dare not mention.
So even though the Internet is and has been a great invention and is now getting ready to triple connected devices in our homes, it will bring a mixture of bad and good. The car, the house and all connected devices MUST be protected like never before. Businesses should be educated on all the downsides to free access to our homes and devices without restrictions. So unless security is at the top of our minds as we put IoE together, we will leave ourselves open to attacks worldwide.

According to Symantec:

“As the Internet of Things (IoT) begins transforming entire industries, threats quickly evolve to target this rich and vulnerable new landscape. With each industry embedding computing and connectivity into a wide variety of devices, such as cars, jet engines, factory robots, medical equipment, and industrial programmable logic controllers (PLCs), the consequences of security issues are increasingly serious. Consequences include physical harm to people, prolonged downtime, and irreparable damage to capital equipment such as pipelines, blast furnaces, and power generation facilities, especially in the industrial IoT. In addition, IoT systems are often highly complex, requiring end-to-end security solutions that span cloud and connectivity layers. Resource-constrained IoT devices often aren’t powerful enough to support traditional security solutions”.
Here is another article from Dave Lewis from Forbes about security and IoE:
“One of the terms out there getting increasing visibility is the “Internet of Things” or IoT. I’ll admit that I have fought hard against even invoking the term for fear some evil apparition would appear if I were to say it three times. But, alas, it has come to the point where I know I have to comment. I realize that when relatives are asking me how to tell if their refrigerator is online or not, it is well overdue.
What exactly is the Internet of Things anyway? This refers to the interconnections between all devices with an addressable interface that can communicate online. Many devices now have embedded operating systems that introduce a wealth of new opportunities for the end user and ne’er-do-wells who may not have your own interests at heart. So whether it is your thermostat communicating with Google, Apple Watch picking up your health data, your van receiving firmware updates, or your fridge sending you a text to remind you to pick up a carton of milk, it has arrived. The terminology first reared its head in 2009 in the RFID Journal. The article “The ‘Internet of Things’ Thing” by Kevin Ashton is given the hat tip as the point at which this all began.
From RFID Journal:
If we had computers that knew everything there was to know about things, using data they gathered without any help from us, we would be able to track and count everything and help reduce waste, loss, and cost. We would know when things needed replacing, repairing, or recalling and whether they were fresh or past their best.
We need to empower computers with their means of gathering information so that they can see, hear and smell the world for themselves, in all its random glory. RFID and sensor technology enable computers to watch, identify and understand the world without the limitations of human-entered data.
A lofty ambition. Of course, the comedian that lurks in the dark spaces of my mind cracks wise about Skynet and evil robots from the future bent on our destruction. What is troubling is the possibility that security is not taken into account with these various implementations. All that data is being harvested in an automated fashion, but who has access to the data? What type of information is being collected? Has my coffee machine been pressed into service by a foreign government? Sure, I’m being just a little facetious. But, it is not too far of a stretch to think that problems could be in the wings when you have devices that can monitor environmental controls, critical infrastructure such as smart grid, medical devices, and transport systems.
Businesses love the idea of the Internet of Things. It opens up new markets while providing more information on customer buying habits. I, on the other hand, sit back in my chair and look at the darker side of IoT. Case in point, how do you manage the usernames/passwords for your ever-increasing number of connected devices and appliances? What about the privacy of your information? For example, various Internet-connected camcorders with easily defeated security controls or baby monitors. These issues will need to be dealt with sooner rather than later.
This summer, the Open Interconnect Consortium was developed. This organization purports to create a framework for the Internet of Things. From their July 7th press release:
Leaders from a broad range of vertical industry segments – from smart home and office solutions to automotive and more – will participate in the program. This will help ensure that OIC specifications and open source implementations will help companies design products that intelligently, reliably, and securely manage and exchange information under changing conditions, power, and bandwidth, even without Internet access.
It is nice to see that groups are popping up with the stated mission to add frameworks to “securely manage” information being transmitted and at rest. However, there is a question that I have which is, are we too late? I was working on smart grid deployments seven years ago, and this group was announced in 2014. I’m hopeful that security will be taken seriously, but I must admit that I do fret as I think that the horse has already bolted from the barn.
What are the implications for the individual? Picture the newly announced Apple Watch as an example. This is a device that will know 1) who you are, 2) where you are via GPS, 3) what you’re doing via accelerometer and gyroscope, 4) your health and 5) even be able to monitor your mood. While I’m sure they have taken time to secure these devices, the ramifications could be significant if there was a failure. I once had a rotary phone, and to see that a Dick Tracy-esque watch can monitor my health and act as a phone is amazing to me. I’m always enamored with new technology. The Internet of Things brings with it huge benefits, but, we must be sure to include security and privacy at the outset altogether.
We should not sacrifice security and privacy on the altar of convenience”.
In my opinion and warning, security should be front and center with anything we do online.
In the past year, we heard about many breaches at many U.S. companies and government agencies. Many of the violations happened to companies and organizations with 100 times better security than what you would find in a house that may or may not be protected by a wireless router or CMTS that may or may not be password protected.
Consumers MUST be protected before big companies sell them products they have little to no knowledge of and expose them to risks that may steal their life savings.
New Cyber Security Companies opening as per Forbes:
-One Million Cybersecurity Job Openings In 2016
There’s an explosion in the cyber security field. Yet, according to the national government, over one million jobs are available, with very few people to fill these roles.
From Forbes:
“If you are thinking about a career change in 2016, then you might want to look at the burgeoning cybersecurity market, which is expected to grow from $75 billion in 2015 to $170 billion by 2020.
A knack for cat-and-mouse play may indicate that you have an inherent ability for cybersecurity. It is a field where good guys — cybersecurity professionals — are pitted against the bad guys — cybercriminals, a.k.a. hackers. Assuming you’d want to be a good guy – a career can mean a six-figure salary, job security, and the potential for upward mobility.
More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years, according to a 2015 analysis of numbers from the Bureau of Labor Statistics by Peninsula Press, a project of the Stanford University Journalism Program.
A report from Cisco puts the global figure at one million cybersecurity job openings. Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million, says Michael Brown, CEO at Symantec, the world’s largest security software vendor.
If you are already in the tech field, crossing over to security can mean a bump in pay. Cybersecurity workers can command an average salary premium of nearly $6,500 per year, or 9% more than other I.T. workers, according to the Job Market Intelligence: Cybersecurity Jobs 2015 report published by Burning Glass Technologies.
For newbies to the tech field who are contemplating a career in cybersecurity, they will often start as information security analysts. U.S. News and World Report ranked a career in information security analysis eighth on its list of the 100 best jobs for 2015. They state the profession is growing at 36.5% through 2022. Many information security analysts earn a bachelor’s degree in computer science, programming, or engineering.
The most recent median pay for an information security analyst is $88,890 per year, according to the Bureau of Labor Statistics, which says the typical entry-level education is a Bachelor’s degree. The lowest 10% earned less than $50,300, and the highest 10% earned more than $140,460”.
The bottom line is that cyber security breaches and identity theft are rising because of connected devices. We who are educated about cybercrime must take the time to use our companies, firms, and all resources available to teach others about the dangers of cybercriminals.
We at Cyber Security Consulting Ops will do all we can to help individuals protect their assets against malware, phishing, or any social engineering threats that may arise to steal their data and make them a cybercrime target.
