CDSA

ISE’s Harrington: Security Adversaries Using ‘Stepping Stone’ Attacks More Often (ITSP Magazine)

[svg-table-content]

Today the modern adversary uses what’s called a stepping stone attack, where they will attack a lesser sophisticated part of the chain, compromise that part to then pivot the attack to get to the ultimate target victim, according to Ted Harrington, executive partner with Independent Security Evaluators.

For the average consumer, he recommends trying to reduce the attack surface. You should think about whether or not you need all the connectivity before you start plugging things in an expanding it. His biggest recommendation would be to change the default password right away for any and all devices connected to the network.

And security is a tremendous differentiator and a huge market opportunity for manufacturers of connected devices. To be able to differentiate on security alone is something consumers should (and soon will) want; they just don’t know how to articulate it. The manufacturer should deliver the security “features” clearly such that the consumer can understand the reality of the capabilities; savvy consumers will more than likely pay a premium for better security.