Posted on

#IoT Security Is Just Not.

A few weeks ago I wrote this piece about #IOT Cybersecurity and how it affects personal and brand reputations. I got a lot of criticism for basically speaking the truth. I appreciate all the tweets, emails and Linkedin posts engaging on this piece, including all the people who attempted to say I was wrong.

But the points raised in that piece are simply the opening salvo in a multi front disruption. The disruption is NOT IoT. The disruption is to switch from product leading first with security as an afterthought in the rush to go to market. What needs to change is the mindset to build in design security from the beginning,

Last week I sat on a panel at the California Cyber Security Task Force meeting. The panelists were all cybersecurity experts, from across the field, including homeland security, penetration testers, strategy and policy. When it came time to talk about #IOT Internet of Things, we were all asked what people thought about the current state of cybersecurity in IoT.

The answer from the entire panel was: THERE IS NO SUCH THING AS CYBERSECURITY AS OF YET IN THE INTERNET OF THINGS.

Think about that for a second. Or maybe longer. Sure there are a few Iot devices that do offer some level of security. But often, as was raised by one of the other panelists, that is simply writing a marketing statement to the effect of “We take your security very seriously.”

But most IoT devices do not provide any real security, and many are simply copies off other IoT devices that also have no security. Then you have to add in the problem of the unsecured devices talking and sending your data to other non secure devices and or third party companies.

The disruption has to be the switch from rush to market with little to no thought about security — to one where security is built in from the design level up and where devices are not put on the market without first being hack tested every which way to be able to prove their security credentials. Otherwise, we are all simply at very real risk. In part because of the inattention or even stupidity of others who do not think this is important; or in the rush to market skip cybersecurity completely — or just write a lame #fail marketing statement about how they value your security.

Because. Not.

Alan W. Silberberg, CEO of DIGIJAKS

Posted on

What the Hack of the US Government Means to You.

As the CEO of a cyber security and reputation company, I have to admit to not being surprised by the recent successful hacking and penetration of the US Government.

While the scope of the recent events is most definitely shocking, myself and others have been researching, writing about it and trying to push and pull officials to focus on the whole set of threats, not just the known ones, and not just the data hardening ones.

This recent set of hacking and penetration successes were definitely done by a Nation State, China in most probability. But guess what?

The intrusion was apparently found by a Vendor doing a sales pitch to the US Government, and not by the billions of dollars of hardened equipment or custom platforms designed to stop cyber attacks.

I am not being critical. Nor attempting to assign blame. It is what it is. Millions of Americans who work for or have worked for the US Government, myself included have been hacked. Not just hacked, but all of our secrets may soon be on public display or for sale or other.

In the past few years, US consumers have been the targets of hacks from any number of companies that were breached, from Target and Home Depot to Equifax and Anthem among the biggies. But the reality is most companies have probably been hacked.

Most small to medium business do not have the sophistication or the resources to put in place strong cyber defenses. Even for the ones that do, that does not mean a successful defense.

What it means for you:
1. We are all vulnerable. Do not think your information is safe.
2. Disconnect computers from the internet when not using them, and power them down. Same for devices like tablets or phones or other internet connected devices.
3. Create a backup hard drive, find an encryption program you can easily use, and create an encrypted back up of your life.
4. Maybe your whole world does not to be interconnected. Maybe the smart home is not so smart in light of the potential privacy and security vulnerabilities presented by the inter-connect.
5. Take steps to protect private information. Get a safe deposit box at a bank, put all original documents in it, plus a copy of them.
6. Try to make air gaps between your information. Keep your financial records in one secure place. Your medical records in another, different secure place.
7. Be aware that your life may well be not private at all.
8. You are not alone, in fact maybe your whole country is right in the same situation.

In 2013, at my Gov20LA event we hold annually, I made some remarks about the need for families around the world to adopt encryption techniques to protect their information and themselves. That message was partially intended for families trying to fight against tyranny abroad; but is also a critical message for all of us now.

Bottom line though is that the world has changed. *A lot.*