ISE’s Harrington: Beware IoT ‘Stepping Stone’ Attacks (Tech Central)


A recent webinar hosted by The Security Ledger entitled: “Who Let the IoT in?: Finding and securing wireless devices in your environment,” was designed to offer some advance advice on how to cope with the threats posed by Internet of Things (IoT) devices.

Ted Harrington, executive partner at Independent Security Evaluators and one of three panellists, said that consumer IoT devices, “are being brought into the enterprise in an unsanctioned, even if unintentional, way.”

And the warning is that these devices are indeed a clear and present danger to enterprises. They remain notoriously insecure, which makes them the weak link that can allow attackers to hack into them and then “pivot” too much more important and valuable parts of the network.

The panellists noted that besides the devices themselves, another element of the expanded attack surface is being created through relatively new kinds of wireless networks that cater to low-power IoT devices like electric meters or smart watches, which emit small amounts of data.