Why Traditional Cybersecurity Models No Longer Work

September 16, 2019 posted by


We talk about why today’s traditional security models, what, you know, a lot of the companies you guys have known and loved for years and years and years, why that technology, why that security solution just doesn’t work.

So think of it from this perspective: you’ve got, just like probably many of you, just like myself, you’ve got all these IoTs in your home, right? It could be the Alexa, it could be the Nest thermostat, it could be your Smart TV, it could be the Samsung fridge– apparently Samsung fridge is really popular because I’ve seen it in like four presentations so far. You have all that and you’ve got your firewall, right? You– and by the way this is a home scenario, but it could apply just as much to an enterprise.

Well, all of these applications have a relationship to– all of these IoTs have a relationship to an application that’s off in the cloud that you have absolutely no visibility, insight, or control over, right? So now you’ve got that firewall that’s supposed to control flow of traffic in and out and– and let’s not say it’s a firewall, let’s say it’s a full-blown security infrastructure, but the fact of the matter is there’s an encrypted communication between each of these devices and some application off in the cloud, and moreover it’s managed by a mobile device that’s sitting on yet another network. So your ecosystem, your IoT ecosystem consists of three different networks, two of which and– and technologies– but two of which you have absolutely zero control over, right? But have visibility and insight into everything that’s happening on the IoT that’s sitting on your network, right, and you extrapolate that to the millions, just think of the Nest thermostat, how many millions of homes are those thermostats sitting in, and they’re tied to back– back to one or a group of applications that are sitting out in the cloud.

Well what happens, and by the way this is one of the scenarios, because all of these IoTs people have physical access to them, well guess what, someone could compromise the IoT sitting in their home and then be able to work their way backwards to the application, but we’ll even look at it and say let’s say the application got compromised somehow, right, from your perspective, so what’s the next thing that’s gonna happen? They’re gonna compromise one or many of the IoTs that are sitting on all the different networks, right? Once they have compromised those IoTs, guess what? Now they have access to every other system that’s sitting on that same network. So they can compromise, what’s called cross contaminate or cross compromise– by the way that’s how JP Morgan got blasted. $500 million a year on security JP Morgan spends and they got clobbered by the– their Road Runners website, right? So something that is completely low priority for them ended up having a huge impact on their business. It was a cross compromise, it was a cross contamination, and it happens and then it just expands.

So this is why having that security infrastructure does not necessarily offer you any protection. Does not offer you any protection compared to the new model that IoTs have already introduced into your organizations.

One of our clients realized that they had 600 IoTs in one of their offices, as they bought these like, you know, their little raising desks. Well their raising desks, each one of them had an IP address and they were feeding productivity data, how often which– you know, how often it was raised and how often it was lowered, and it was feeding all of that data to some application off in the cloud. They had no idea, because IT doesn’t necessarily get involved in the everyday, right? The– the HVAC folks within the organization, the facilities folks within the organization, make the decision around the HVAC they buy, right? IT doesn’t get involved, but guess what, it taps into the network. The furniture people bought the tables, but it taps into the network. So there’s information technologies and there’s operationalized technologies, and operationalized technologies are going to clobber information technologies in terms of resources that are out there.

So when you look at traditional enterprise technologies, it’s the gorilla, right? You guys have all heard or– heard the term enterprise grade, right? Enterprise grade is supposed to be the biggest, the baddest, the most proven, the most scalable, you know, so on, and so on, and so on. Well, enterprise grade is the gorilla. What chance does that gorilla have against a swarm of bees? And that’s what IoT is. It’s the swarm of bees that are going to pester and devastate the gorilla.
