Combatting the ‘evil Internet of Things’

A recent survey of over 400 global IT security pros revealed that fears over the security of connected devices has risen sharply since last year, writes Peter Reid, executive head of Intervate.

In all, 86% of respondents to security analysts Pwnie Express’ survey said they were worried about device threats – with 50% either ‘very’ or ‘extremely’ concerned. Many had even witnessed attacks first-hand.

Connected, smart devices are rapidly advancing into almost every area of our lives: our homes, our cars, our offices, and even our bodies. Most market commentators forecast tens of billions of connected devices by the end of the decade.

However, while we remain in a state of enchantment over the possibilities of The Internet of Things (IoT), too few consumers and businesses are stopping to think about the critical security concerns the IoT revolution brings.

A fundamental adage of security is that the more devices you have connected to a network; the more vectors of attack are exposed.

Although one of the biggest drivers of IoT adoption is sharply falling costs, the repercussion of this is that many connected sensors and devices are stripped down to the bare minimum – with insufficient consideration for encrypting and protecting those devices.

 

Not just a ‘dumb sensor’

As consumers we forget that even the most basic sensor is actually a small computer, a fully-fledged ‘Von Neumann device’ with its own processing and integration capabilities. By recognising this reality, we see that any connected object can potentially be hijacked and used for malicious purposes.

Vulnerabilities abound wherever these devices are connected to wireless networks: whether that’s Bluetooth, NFC, WiFi, 3G, or any other form of wireless protocol.

Many ask what the real risk would be, if somebody – for example – was able to hack into my home thermostat or my connected toaster?

While it’s obviously unlikely that anyone would want to hack into your connected home infrastructure to change the temperature of your living room or burn your toast; that wouldn’t necessarily be the attacker’s end-goal.

Attacks often work in a progressive manner, where one small breach can open up opportunities to penetrate other areas of the network, and cause more damage. Attackers might compromise a printer on a corporate network, to sniff for passwords that would then enable them to configure their own admin-access.

So, the printer, or the thermostat, might just be the first step in a long chain of progressive breaches.

 

Full Article

Summertime Security: 5 Tips to Stay Safe on Public Wi-Fi

By Sarah Park

MeriTalk

June 6, 2016

Forty-three percent of Americans would sacrifice their personal online security for faster Internet speed, according to a recent report.

The survey, conducted by SecureAuth and Wakefield Research, dives into Americans’ perceptions around Internet speed versus personal security over public Wi-Fi, and shows Americans as a whole will latch onto any Internet connection they can get even if it’s insecure.

(Full Article)

$13 Million Investment Will Grow Tech Firm In Burlington

By Steve Zind

May 19, 2016

Vermont Public Radio

A tech firm with roots in Vermont has raised $12.9 in venture capital that will help create new jobs at its Burlington office.

Pwnie Express started as a one-person business Central Vermont six years ago. Now there are 40 employees.

While its main office is in Boston, the engineering side of the business is in Burlington.

Pwnie Express makes sophisticated detection systems that companies use to monitor their networks and reduce the risk of breaches, which has become an increasing challenge with the ubiquity of Wi-Fi enabled devices.

A significant part of the problem is employee-owned devices such as cell phones and laptops that access a company’s Wi-Fi network.

“The devices that are coming into businesses today are devices that are owned by the employees, not by the company. So that is creating a security risk for the company,” says Pwnie Express CEO Paul Paget.

Other businesses create additional vulnerabilities. “It’s not just employees bringing in devices, it’s vendors bringing in devices, and they want to service those devices remotely,” Paget says.

Pwnie Express, which takes its name from a hacker term, was started in 2010 by Dave Porcello, a Boston transplant. Porcello worked at a Montpelier insurance company before starting the business in nearby Berlin.

Paget says the company’s tech side has stayed in Vermont for good reason.

“Burlington is a real hotbed for software and security talent. There are people from the early days who are there who are very important to us. The universities are pumping out talent. There are other companies in the area, ” he says.

Paget says the hiring market for talent is also much more competitive in Boston. He says the company plans to hire another four or five employees at its Burlington office this year.

(Full Article)

The life of a social engineer: Hacking the human

By Mirko Zorz

May 19, 2016

Help Net Security

A clean-cut guy with rimmed glasses and a warm smile, Jayson E. Street looks nothing like the stereotypical hacker regularly portrayed in movies (i.e. pale, grim and antisocial). But he is one – he just “hacks” humans.

Street is a master of deception: a social engineer, specializing in security awareness and physical compromise engagements. He’s outspoken, friendly, always wearing a smile, and besides working in the field, he’s also the InfoSec Ranger at Pwnie Express, and is well-known for his books and conference talks around the world.

Social engineering skills

Information security professionals generally agree that humans are the weakest security link. Employees need access in order to do their job, and so attackers increasingly target them instead of the network, in order to infiltrate the system…..

(Full Article)

Cybersecurity Firm Pwnie Express To Expand in Boston and Burlington

May 16, 2016

By Cathy Resmer

Tech Jam VT

Protecting customer and employee data against cyber attacks is increasingly challenging. That’s bad news for the government and for corporate America, but good news for Boston-based Pwnie Express.

The cybersecurity firm, which also has an office in Burlington,just announced that it’s raised $12.9 million in venture capital. The cash will help the company expand its efforts to help customers prevent hackers from gaining access to sensitive data.

Those customers include companies facing the growing threat of attacks from mobile devices and the expanding Internet of Things — in which sensors and previously offline appliances connect to household and corporate networks.

A growing reliance on workplace “Bring Your Own Device” policies is also cause for concern. “Most organizations are starting to worry about that as a new attack vector,” says Pwnie Express CEO Paul Paget. “If you don’t know what [the devices] are, and they’re connecting to your networks, that creates risk.”

Paget sees opportunity there, particularly among small and mid-size businesses that need help adapting to this rapidly changing environment — perhaps from Pwnie’s new, real-time wireless and wired detection tool, Pwn Pulse. “We think that’s a huge market,” he says. Pwnie’s investors agree — hence the new infusion of funds. In a phone interview, Paget outlined how the investment will help the company grow — in both Boston and Burlington, Vermont….

(Full Article)

Cybersecurity Firm Pwnie Express To Expand in Boston and Burlington

May 16, 2016

By Cathy Resmer

Seven Days Magazine

This story was originally published on the Vermont Tech Jam blog.

Protecting customer and employee data against cyber attacks is increasingly challenging. That’s bad news for the government and for corporate America, but good news for Boston-based Pwnie Express.

The cybersecurity firm, which also has an office in Burlington, just announced that it’s raised $12.9 million in venture capital. The cash will help the company expand its efforts to help customers prevent hackers from gaining access to sensitive data.

Those customers include companies facing the growing threat of attacks from mobile devices and the expanding Internet of Things — in which sensors and previously offline appliances connect to household and corporate networks.

A growing reliance on workplace “Bring Your Own Device” policies is also cause for concern. “Most organizations are starting to worry about that as a new attack vector,” says Pwnie Express CEO Paul Paget. “If you don’t know what [the devices] are, and they’re connecting to your networks, that creates risk.”

(Full Article)

MassMutual Climbs Aboard Pwnie Express

16 May, 2016

By Robert Lavine

Global Corporate Venturing

Cybersecurity software developer Pwnie Express has secured $12.9m in an Ascent Venture Partners-led series B round that included MassMutual Ventures

US-based cyber threat detection technology developer Pwnie Express has raised $12.9m in a series B round featuring MassMutual Ventures, the corporate venturing subsidiary of insurance group Massachusetts Mutual Life Insurance.

(Full Article)

[Investor Q&A] How Matt Fates of Ascent Venture Partners Supports Boston Enterprise IT

May 16, 2016

By Keith Cline

Venturefizz

It’s perfect timing for Matt Fates’ Investor Q&A on VentureFizz. Just last week, Ascent Venture Partners led a $12.9M Series B round of funding for Pwnie Express in Boston, a leading provider of device threat detection. Matt will be joining Pwnie Express’ Board of Directors.

Fates is a General Partner at the firm and has been investing in Boston startups since 1998. Prior exits include Interactive Supercomputing (acquired by Microsoft), Cymfony (acquired by TNS), Fidelis (acquired by General Dynamics) and others.

Learn more in my Q&A with Fates below.

Keith Cline: Tell us about your background.

Matt Fates: My father was a fighter pilot in the U.S. Navy and I was born at the Navy Hospital in Norfolk, Virginia. My parents said it cost them under $5 in medical bills, and yet at times they still questioned whether it was worth it. I was the kind of kid who did not like to be told what to do. After Dad’s service, we moved to the Boston area until I was 9, then to London, England for five years (a terrific experience), then back to Boston. I have a younger brother who lives in La Jolla, California today. I don’t like to talk about the weather with him…

(Full Article)