Latest News

Monday, September 17, 2018

Why You Should Manage Your IoT Devices Like Employees




There is a well-known joke among security professionals:
Q: "What does IoT stand for?"
A: "Internet of Threats."
Sadly, this joke is our reality.
An estimated 20.4 billion Internet of Things devices will be deployed by 2020, according to Gartner, in what some have dubbed "the fourth industrial revolution." These connected devices are being manufactured to streamline everything we do. Smart fridges will be capable of ordering groceries when we're running low, for example, and smart desks will alert us when we've been sitting too long.
While there is vast opportunity for IoT to improve both our personal and professional lives, there's an equally vast opportunity for bad actors to exploit vulnerabilities in connected devices.
Most of us, without thinking twice, assume that privileged access and configurations around our current IoT devices will stay the same; however, failing to acknowledge or scan for new developments could be a fatal mistake.
Overlooking new security measures that would further improve security for IoT devices could result in exposure to malicious attackers and the growing cybersecurity threat landscape.
In the world of manufacturing -- where shaping up and shipping out the next best product as fast as possible is the name of the game -- security is commonly, and disturbingly, an afterthought.

How Unsecure Is Your IoT Device?

One of the biggest security concerns, when it comes to IoT devices, is unauthorized access. Unbeknownst to the everyday user, each device can act as an entry point into a network. Leaving them unsecured could create a large and unmanageable attack surface.
The Mirai botnet malware attack, which struck two years ago, showed just how high IoT risk really is. To carry out the attack, hackers gained access to millions of routers and IP cameras through hardcoded default passwords, like admin/password or root/1234.
They then created a botnet leveraging the hijacked cameras to conduct a coordinated DDoS (distributed denial of service) attack that rendered much of the Internet inaccessible on the United States' East Coast.
More recently, VPNFilter malware targeted IoT devices, infecting SOHO (small-office-home-office) routers through well-known software vulnerabilities.
The malware hijacked network flows going through the routers and featured a kill-switch capable of destroying the routers' software.
"Who cares about SOHO routers?" you might ask. Well, these devices are used by critical infrastructure, such as the energy sector. Imagine the impact this kind of malware could have on the U.S. if it could shut down energy grids.
What would transpire if IoT-connected vehicles, such as smart cars, were the victims of an attack? Imagine hackers taking control of the wheel to steer a car off the road or remotely steal a vehicle from its owner.
The potential ramifications of compromised IoT devices could be detrimental to both our online and physical safety.
As these examples show, IoT devices have the potential to create a high-risk security environment capable of widespread, crippling damage -- not to mention a complete headache for security executives and their teams.

Managing Your IoT Devices Like Employees

So, how do security professionals safeguard their business from IoT cyber risks? They should start by treating each IoT device connected to their network as an employee, by incorporating them into existing identity management processes and applying the following best practices:
1. Give devices an identity: To achieve this, you must first embrace a different mindset. View IoT devices not as pieces of technology, but rather as privileged users who have access to sensitive information. By assigning a device and identity and provisioning them appropriately, their activity can be monitored and managed throughout their whole life cycle on the network. 2. Apply device governance: Once each device is given an identity, you should apply policy-based authentication and access control. It's easy to deploy an IoT device and forget about it, but the reality is that these devices are a conduit between the internet and your environment, making them an easy attack vector for unauthorized users to gain access to sensitive corporate information.
Device authentication and access should be governed and routinely revisited during the full device lifecycle -- through software updates, bug fixes, new firmware, routine maintenance and diagnostic improvements.
3. Employ the principle of least privilege: Just as you would only give an employee the minimum access to data and systems they need to do their jobs, businesses need to limit the access of their IoT devices.
Employ firewalls and permissions to safeguard against unauthorized devices obtaining proprietary or privileged information. For example, your smart printer doesn't need access to the CFO's income statements folder. The less access you give an IoT device, or employee, the less damage either could bring to the enterprise.
4. Manage device passwords: Similar to users, IoT devices contain passwords that grant them authentication to systems, files and data. Best practices for managing user passwords -- such as requiring routine resets and multifactor -- also apply to IoT passwords. These passwords must be updated routinely and closely managed to protect the vital information they store.
5. Monitor the device: Devices should be monitored 24x7 to identify unusual activity, check for necessary patch updates, and confirm each device is still in the right network segment. Machines are highly predictable, and abnormal behavior can be a clear giveaway if there is an unauthorized user controlling the device. Without the right monitoring processes in place, these abnormalities -- and thereby potential malicious actors -- can go undetected.
Managing IoT devices as employees, as part of your identity and access management processes, is the best way to ensure any access is kept in check and potential threats or anomalies are monitored. Although there can be thousands of IoT devices connected to a network at once, it takes only one poorly managed machine to inadvertently breach an organization.
As more of these devices join the network, businesses that employ these best practices can work to eliminate IoT as a threat, and begin to realize the productivity potential it was designed to bring them in the first place.

Source: https://www.ecommercetimes.com/story/85570.html

Thursday, September 6, 2018

Q&A: What are the advantages of Vietnam's engineering workforce in software outsourcing?

1. Vietnam Young Population
Vietnam has 91 million people and about 64% are young (from 18 – 32 years old). This is a very good population base from which good programmers can be developed. Moreover, Vietnamese people tend to be smart and they love the computer. More and more student choose Computer Science as their major in University, to be a developer in a software outsourcing company seem to be an attractive career to the young, earning a high salary and good working environment.
2. Good Infrastructure
Vietnam is a small country with 2 big cities including Hanoi Capital and Ho Chi Minh city. It is easy to realize that Ho Chi Minh city has a relatively very good infrastructure in terms of roads, internet bandwidth and basic services. Many foreigners from US, UK to Korea have moved to Vietnam and stay for long or build up their “home” here. The internet wifi is almost free and fairly cheap. Ho Chi Minh city has more than 100,000 young developers in 2017, who works full-time as software or mobile developer.
3. Adjustable Culture
Related to national culture, Vietnam has a good blend of tradition-Asia culture and western culture. Compare to India or China, Vietnam is more comfortable to stay in. If you have a chance to Ho Chi Minh City, you might notice that we have a western town (Bui Vien Street), China town (Nguyen Trai street), Korea town (Near Tan Son Nhat airport) and many kinds of restaurant, bar and club.
However, it’s important to mention Programming Culture, Vietnamese programming environment very impressive, they are hard working, diligent and a little more creative and extrovert (consultative) than other Asian locations.
4. Safety Place
“There are no safety warnings from the US government and we felt completely safe in HCMC and traveling around in nearby areas. The only warning we were given multiple times was to watch out for our cell phones – Andy Hilliard, Prez of Accelerance”
5. Lower cost
First of all, the average salary of Offshore Development Company in Vietnam is relatively cheaper compared with the world and adjacent countries, including India, Thailand, and China. In china, worker’s salary is double to Vietnam and contract to US, Canada or Australia, the hour labor cost in Vietnam is much cheaper. while 1 hour of Vietnamese developer cost about 12$ – 18$, US developer cost ten times higher.
6. Highly Skilled Work Force
In addition, Vietnamese developers of Offshore Development Company access to a highly skilled workforce, especially in Software Development (Vietnamese people are generally smart, hardworking, and the percentage of people with IT background is higher and higher). Moreover, to adapt global economy, The number of Vietnam offshore development Start-up company and SME are increasing day by day, they often founded and manage by experienced senior developers, enhancing a rich source to any kind of customer, even that is a local shop or big4.
7. English
Furthermore, when it comes to learning English, a sincere push for education from the Government and Family keep being heavier in 2017. Because people believe that English is the ticket to success, you don’t need to worry about language while working with Vietnamese Software Development Company. Vietnam is so pro-English that wealthy families send their kids abroad in High School. As a result, the kids adopt English as their first language and consequently English culture as their dominant culture. There are some kids have lost touch with their Vietnamese identity yet know they will never be true Brits, Australians or Americans. The result is that even the kids who don’t have the money to study abroad learn English very well in Vietnam, there are English schools on every corner.

Tags

Recent Post