Home » The Art of Data Protection

IoT Nightmares LogoThroughout October, we’ve blogged about the IoT Nightmares — stories inspired by spooky campfire tales about the very real cyber security vulnerabilities the Internet of Things (IoT) introduces to a variety of industries.

As each terrifying scenario demonstrates, the increase in connected devices brings a number of advantages —  increased operational efficiency, customized user experiences and improved communication, to name a few — but the IoT also brings with it a number of new challenges. Organizations in any industry leveraging the Internet of Things need to plan for these challenges by enhancing their data security strategies to avoid the IoT Nightmares.

At the beginning of each IoT Nightmares blog post, you may have noticed some eye-opening stats in the form of stand-alone infographic pieces. Now, we’re happy to present the full infographic, bringing all of these nightmares together:

IoT Nightmares Infographic
Miss one of the tales, or brave enough to revisit them? Check out all the entries in the IoT Nightmares blog series:

read more »

Internet of Things - Healthcare Security

Medical professionals hailed the technology as “the biggest step towards immortality made in our lifetime.” New devices that would save millions of lives. A new range insulin pumps, defibulators, and implanted devices of all kinds were suddenly prescribed by doctors in every corner of the globe. They promised to provide greater insight into the care of patients, improve the quality of health, and even stop heart attacks as they occurred. And all of this could be done remotely.

The medical professionals were right; these devices did save lives. Unfortunately, they were also been used to destroy them.

In 2031, a patient with an implantable cardioverter defibrillator from the company BioDext dropped dead on stage at a politically rally. Samuel Tuff was the leading candidate for the Bull Moose party and heavily favored to with race for Governor of New York. His heart condition had been well kept from the public, and with his implanted device, his doctors had assured him that he would be fine. When the public learned that he had died of a heart attack, despite having the defibrillator, they demanded to know why the device had failed.

The BioDext device was designed to function at the first sign of significant cardiac arrhythmia, and fire again only if the heart failed to return to normal function. When BioDext investigated, they learned that not only had the defibrillator fired, but it had fired with seemingly no reason for doing so.

Somehow, this device had fired as if it had been commanded by some outside force. It slowly became clear that someone had deliberately hacked Mr. Tuff’s device, and used it to assassinate him in broad daylight.

The assassins revealed themselves hours after the politician’s death. An anarchist group calling themselves “The Pacemakers” claimed responsibility. The Pacemakers were a group of highly skilled hackers who lived and worked in the shadows. Their motives were to realign society in a design more suited to their own ideals, and they had spent years hacking medical devices and stealing medical records in preparation for the events to come. Samuel Tuff, they said, was the first of a long list of targets in all levels of government and enterprise that depended on a medical device they could compromise.

In the following months, more people in positions of power fell victim to the group, as medical device providers like BioDext scrambled to patch security holes in their devices. The devices that once seemed like the future of medicine, were now seen as ticking time-bombs.

IoT Nightmares LogoWhile the story above is an extreme example of what could be possible when hacking implanted medical devices, it illustrates why the security of medical devices must be a top priority.

Within healthcare organizations today, a broad assortment of networked medical devices are being employed—and relied upon daily for a range of critical tasks. This can include implanted medical devices that are used to monitor and treat conditions within the individual’s body, such as pacemakers, drug delivery systems, and neuro stimulators. In addition, there are many other networked devices employed within hospitals, including rolling workstations, ventilators, portable ultrasound units, and x-ray machines. Research into the vulnerability of these devices indicated that they are highly vulnerable to compromise.

One of the key challenges in medical device security is the need to prevent unauthorized code from being run on the device. Through code signing, device manufacturers can establish a trusted ecosystem that enables timely, secure delivery of new software and code updates. As a result, device manufacturers can help customers mitigate the exposure associated with unpatched systems and devices.

The IoT Nightmares don’t end here!

Check out the previous entries in the IoT Nightmares blog series:

You can also enter our IoT Nightmares Sweepstakes by October 31st for a chance to win a Pebble smartwatch, and play our IoT Nightmares Security Game to explore the risks the Internet of Things introduces to several industries.

read more »

In a recent Ponemon Institute study commissioned by SafeNet, Inc., we found that as organizations increase their usage of cloud services, IT departments are struggling to control and secure data in the cloud.

As this infographic shows, IT security professionals being left out of decisions regarding cloud services is putting sensitive data at risk.

Cloud Data Security and Governance Infographic

Key Findings from this Infographic:

  • 47% of respondents said the IT security team is rarely or never involved in the decision making process about cloud resources
  • 44% of corporate data stored in a cloud environment is not managed or controlled by the IT department
  • 57% of companies are not careful about sharing sensitive information in the cloud with third parties
  • Only 34% of companies have policies that require the use of security measures such as encryption as a condition to using cloud services

For more about our research, The Challenges of Cloud Information Governance, visit

read more »

Internet of Things Security for Retailers

Cindy considered herself the definition of a fashionista, and knew where to find all the deals on the latest fashions. She lived to shop and shopped to live. Luckily for Cindy, she had great credit and could leverage her numerous cards to save when shopping. She knew about the increasing number of credit card breaches, none had impacted her so far, and she began ignoring the headlines for the most part.

Right before the upcoming wedding season, Cindy went out to get new dresses, shoes, and accessories for the weekends ahead. While she did notice the navy heels and matching bag at Lydia’s Boutique, she didn’t think twice about the new, wireless point-of-sale (POS) system and card reader where she was swiping her platinum credit card.

The state-of-the-art POS system communicated with Lydia’s CRM and inventory management systems. Unfortunately, by disguising malware as an update, hackers were able to tap into the small retail chain’s new system and start skimming the transaction details in order to eventually sell customers’ credit card information on the black market – including Cindy’s.

A few weeks later, Cindy logged in to pay her credit card bill which she anticipated being $1,400 and included her trip to Lydia’s. Imagine her surprise when she saw her account balance of … $9,320!

She sat staring at the number and skimming the purchases outlined – the bulk of which she didn’t recognize. There was a Dispute a Charge link on the page, but she felt like she needed to speak to someone to get answers. She flipped over the card, and frantically dialed the customer service number.

While on hold and waiting to speak to someone, she suddenly remembered that she had received a lot of emails recently, and thought one had said something about “payments” in the subject line. She’d thought it was a regular e-statement when she’d seen the notification on her phone pop up, but maybe…. There, about midway down in her inbox, was an unread email from Lydia’s Boutique with a subject line reading “Notice to Our Customers Regarding Payment Data.”

Her heart sank.

IoT Nightmares LogoLuckily for Cindy, the credit card companies have good fraud insurance plans to cover the purchases in the case of theft, but it likely wouldn’t help her anxiety levels as she worried about 1) whether the balance would be covered, 2) if the perpetrator would be caught, 3) how she would be able to make purchases while the fraud activity was investigated, and 4) how to ensure this wouldn’t happen again.

Security compliance mandates, like PCI DSS, have come a long way in recent years to ensure credit card data is protected; however, there are still vulnerability gaps in the retail ecosystem where hackers have been able to capitalize. As retail stores begin to use more devices and sensors to collect customer data in order to improve efficiency and customize shopping experiences, hackers are presented with new opportunities to capture credit card information and activity.

To address this, the retail industry is now moving towards more advanced infrastructure security with encryption technologies such as Point-to-Point encryption, code signing of software applications and devices, as well as adopting encryption to protect consumer information from the point of entry in order to eliminate these security gaps.

Find out more on the retail vulnerability points and what solutions are available to retailers at

read more »

Internet of Things Security - Smart Cars

I scanned the street from my window, looking for anyone who may be out of place. The streets were empty, even for this hour. With a push of a button my car, which had been parked a few blocks away, roared to life, the headlights illuminating the street below as it made its way to the entrance of the warehouse.

Grabbing the briefcase, I quickly ran down the stairs and to the car now waiting for me. The rain was coming down in sheets. I searched the narrow street for any sign that I had been noticed. In the distance I could hear the sound of the trash trucks making their morning rounds, but the street was empty. I jumped in the car and closed the door.

“SiD, take me to the airport,” I commanded the car. With that, the car quickly programmed the fastest route to the airport and started down the road.

My plan is coming together, I thought.

3:06 AM, I had just enough time.

The car navigated out of the city and on to I-95 in route to my destination. With each mile marker, I could feel myself nearing freedom. My heart was racing. I made futile attempts to calm my nerves.

You’re fine. They have no idea where you are and where you are going.

For months I had been looking for a way out.  Going to the authorities was out of the question; their pockets had been lined by the boss for years. Even the FBI was not to be trusted. My only hope was to seek the protection of the very people I had once called my enemy. And for that, I needed a bargaining chip. The contents of this briefcase represented my last chance at freedom.

Traffic was light through the tunnel. Semi-trucks were making their way to early morning deliveries, and a few cars shuttled their passengers to work. As the car emerged from the tunnel I could see a sign reading: AIRPORT 7 MILES, and I was hit with a wave of excitement. I was almost home free.

As we passed the first exit after the tunnel I noticed a car following closely behind me. Too close to be another automated car, I thought. Manual cars were rare–rarer still at this hour. I worked myself into a panic. This car had to be following me. Why else was he so close?

Through the rearview mirror I could make out three figures in the vehicle, and my heart sank. This is it. They have me.

Then, as quickly as it appeared, the car shifted lanes, and exited the highway. The relief was overwhelming and I laughed at my paranoia.

With just four miles to go my car merged into the right lane and took an unexpected exit. At first I thought that it was adjusting for traffic. Perhaps there was an accident up ahead, I reasoned. Then the car made a right, when it should have went left.

“SiD,” I commanded, “take me to the Airport.”

The car pressed on it course, seeming to ignore my command. Soon we were in the abandoned warehouse district, speeding past long forgotten loading docks. I tried again to reroute the vehicle to the airport, this time using the console, but it refused to break its course.

“Destination reached,” SiD announced as we came to a stop among rows of shipping containers stacked four high, and an older manual car beside them. Then three figures stepped into the beam cast by my headlights and started moving slowly in my direction.

My phone began to ring, and the car answered without prompting me to accept the call.

“You have something of mine, Mr. Thompson,” said the voice on the other end, “and I would like it back.”

Autonomous cars will change our commute forever. They have the ability to enhance the safety and efficiency of road travel, while potentially making our time in the car more productive.  Although this technology is exciting, researchers have only recently begun to understand the security challenges inherent in vehicles on the road today. Videos like the one below demonstrate just how vulnerable and dangerous an improperly secured car can be.

Autonomous navigation will increase the potential harm that could be caused by skilled hackers manipulating our vehicles.  With recent estimates predicting that 75% of vehicles on the road will be autonomous by 2040, it is clear that the security of this technology must become a top priority.

The IoT Nightmares don’t end here!

IoT Nightmares LogoCheck out the previous entries in the IoT Nightmares blog series:

You can also enter our IoT Nightmares Sweepstakes by October 31st for a chance to win a Pebble smartwatch, and play our IoT Nightmares Security Game to explore the risks the Internet of Things introduces to retail, healthcare, financial services, and other industries.

read more »

Recent Tweets