Remember in December 2013 when news started filtering out about the Target data breach? Ultimately this attack would take 40M customer debit/credit card numbers, along with untold and still not fully accounted-for costs for the company itself. For months after the announcement the news was full of stories around the attack, centering on an HVAC company in Pennsylvania, contracting with Target, which had suffered its own breach via email-delivered malware. Slowly the news focused on other attacks, because that is the nature of our business, while every single vendor at RSA 2014 had some “Target-breach demo” set up in their booth to show how their tech would have stopped the attack.
As we all focused our eyes elsewhere (looking at you, Sony), Target was still cleaning up after this breach and preparing itself for possible lawsuits from banks hurt by the breach. Banking, insurance, and data breaches are becoming increasingly intertwined, and that is forcing organizations like Target to take a much deeper incident response dive than in previous breaches. In fact, organizations are currently doing a lot of pre-IR work to ensure they are covered from both an insurance and a future-litigation standpoint when a breach occurs. But this necessitates understanding, and seeing, every possible threat to your network… and I’m not talking malware here.
Let’s play some acronym bingo: BYOD, IOT, BYOT, BYOE… the list seemingly goes on and on. Yet nobody seems to be marketing to the “BYOMS (Bring Your Own Meat Scale)” set, and according to reports it might be that connected piece of equipment that finally tipped the scale in the Target breach (sorry, had to use the pun). Although it is fun to talk about connected meat scales being an entry point, the larger picture here is that you can throw all the acronyms you want into a data sheet or product video, but the fact is that workplaces know they have billions of devices floating around, at least one of which might be the open pathway for an attack.
If You Think Meat Scales Are Scary, What About Drones?
Meat scales are one thing, and certainly being able to simply see that they are connected to, or even around, your network is critical, but there are so many other devices to consider. The printer someone installed that is also transmitting Wi-Fi. The drones, equipped with Wi-Fi, flying above your building. The Roku someone put in the far conference room so they could watch a World Cup match… last summer. The Amazon Echo in the corner office so the boss can control the glare on those fancy lights.
Are these BYOD or IOT? WHO CARES. The fact is they are there, either on or near your network, and you just need to see them and then make a call. Too often we get bogged down in the ‘what and why’, when we should be focused purely on the ‘how’. As we come full circle and approach the 2-year anniversary (cotton is the gift, FYI) of the Target breach, we continue to see more and more devices on or around our network. The question isn’t what to call them; the question is what you are doing to see them now.
Oh, and in case you were wondering, you can NOT buy a meat scale on Target.com.