Stronghold Cyber Security CEO Jason McNew was recently contacted by ABA Journal‘s Jason Tashea to discuss the security vulnerabilities of devices tied to the Internet of Things (IoT) for an in print article titled “Yesterday’s Technology, Today’s Problem“, published in the November 2018 issue. An online version is also available, sourced under the “Digital Dangers: Cybersecurity and the law – A joint production of the ABA Journal and the ABA Cybersecurity Legal Task Force” section.
Smartphones aren’t the only ubiquitous threat. USB drives and the expanding world of internet-
enabled products, termed the “internet of things,” also create and compound security vulnerabilities.
“The idea that you would take something that you know nothing about and put it in your machine is repugnant,” says Jason McNew, CEO of Stronghold Cyber Security based in Gettysburg, Pennsylvania. “You have no idea where the thing was manufactured.”
Comparing the ministorage devices to a dirty needle, he says they can come preloaded with malicious software and are used by hackers and penetration testers to exploit human vulnerabilities to access a network. While there is no Consumer Reports for secure devices, he notes that the National Security Agency does evaluate and validate some products for high-security purposes, such as hard drives, encryption devices and paper shredders.
Regarding the internet of things, including web-enabled cameras and smart thermostats, reports have shown that poor security has led to people’s devices taking part in denial-of-service attacks while the owners were unaware. In other instances, device manufacturers built in secret “backdoors” so devices could be accessed remotely, which left the technology vulnerable to attacks.
“It’s important to consider those things when you bring them into your environment,” he says. “Once you get a toehold in the network—then it’s anyone’s guess to what you can and can’t do.”
Previously, McNew has spoken at the American Bar Association’s ABA Techshow 2018, co-presenting on two sessions, with the discussion on ransomware as a growing threat to law firms featured in March 2018 online edition of ABA Journal.