But along with all the great benefits of speed, throughput, low latency, and futuristic functionality comes a downside: an expanded attack surface. With the forecast of connected IoT devices and applications estimated to exceed 67 billion by 2025—perhaps up to 75 billion—the field is rife with targets. And because many vulnerable IoT devices ship with default passwords that are rarely changed and ports that always seem to be open, for hackers, it’s like shooting fish in a barrel. The process of securing IoT devices, like any software development process, is also vulnerable to design flaws and coding mistakes.

However, not every 5G vulnerability can be laid at the doorstep of IoT devices. With new 5G wireless technology replacing older 4G LTE technology, uncertainties and risks can abound within the 5G protocols themselves. And because 5G standards are relatively young, with their definitions still evolving, 5G and IoT devices will need better security.

Would 5G and IoT cyber security compliance standards help?

Cyber security compliance standards for 5G and IoT devices can have overlapping jurisdictions in terms of applications and sectors. For example, the Payment Card Industry Data Security Standard (PCI DSS) applies to 5G networks and IoT devices involved in financial transactions conducted with credit or debit cards, and the FedRAMP cyber security standards apply to transactions involving the federal government. However, the evolving status of 5G standards and fast-changing nature of IoT devices make these kinds of compliance rules and regulations “very cumbersome and overweight,” according to Protocol, and not designed for environments that change regularly.

Nevertheless, the need to manage the risk of billions of IoT devices will continue to change the requirements and scope of 5G security. Consequently, development organizations need a proven, scalable, standards-based technology solution going forward, according to Risk & Insurance.

The National Institute of Standards and Technology (NIST) recently posted a set of draft recommendations regarding IoT cyber security. Though not enforceable, it calls for IoT manufacturers to design cyber security capabilities into their systems, including baselines for data protection, logical access to interfaces, software and firmware updates, and cyber security state awareness.

Even in existing technologies, researchers continue to discover unknown problems. For example, researchers at the Korea Institute of Science and Technology discovered 36 security flaws in 4G last year. So the reality of 5G is that as a new technology, it’s bound to have security vulnerabilities.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

The popularity of applications like Zoom and House Party has exploded in recent weeks, however, there are concerns with the security of some applications. 

“The decision to use Zoom, as millions of others stuck at home during the coronavirus outbreak are doing, comes as concerns are growing about the conferencing app's business model and security practices. Most notably, the company has been forced to admit that although it explicitly gives users the option to hold an “end-to-end encrypted” conversation and touts end-to-end encryption as a key feature of its service, in fact it offers no such thing. Specifically, it uses TLS, which underpins HTTPS website connections and is significantly better than nothing. But it most definitely is not end-to-end encryption (E2E). E2E ensures all communications are encrypted between devices so that not even the organization hosting the service has access to the contents of the connection. With TLS, Zoom can intercept and decrypt video chats and other data.”  - The Register

‍

It is thus advised to treat any confidential conversations held over Zoom as being vulnerable to being overheard. Of course, the other issue is that unlike face-to-face conversations in an office environment, you have to assume all online conversations are being recorded.

‘Zoom bombing’ on the rise

On 30 March, the FBI announced it was investigating increased cases of video hijacking, also known as “Zoom-bombing”, in which hackers infiltrate video meetings, often shouting racial slurs or threats.

Zoom meetings can be accessed by a short number-based URL, which can easily be generated and guessed by hackers, a January report from the security firm Checkpoint found. A number of security flaws affecting Zoom have been reported in the past and as recently as this week. In 2019, it was revealed Zoom had quietly installed a hidden web server on user devices that could allow the user to be added to a call without their permission.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Covid19 has brought with it a raft of changes to almost every aspect of society and a lot of aspects of business. Phishing scams have also changed and evolved to include Covid19 related scams. Only use Government approved sites for Covid-19 information and updates. There are lot of coronavirus-themed scams around that using phishing techniques to trick people into sharing personal information, such as banking details. A rule of thumb is not to trust any emails, social media, links or invitations that come from an unknown source or a source that don’t usually contact you digitally. Even if they do usually contact you digitally, if the information requested is important or very sensitive, think twice. Most institutions will never ask for banking details, or passwords through text or E-mail. It never hurts to double check with institutions to validate their contact.

How do I spot a coronavirus phishing email? Examples

Coronavirus-themed phishing emails can take different forms, including acting as though they are official health departments.

CDC alerts. Cybercriminals have sent phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazard,” the text of one phishing email reads.

Take the time to check if an E-mail claiming to be a local or national health authority. In the case of a phishing scam often scammers will push you to download some sort of file or follow a link. Often, they will insist you “Act Now” and often be poorly written in terms of correct grammar. You can investigate where links go by hovering over them.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

When a password is compromised, the threat actor can exploit the person’s authorisation levels to harvest potentially sensitive information or valuable company data. The use of Multi-Factor Authentication (MFA) is critical for home working, taking the basic security protocol of passwords to the next level. As the name suggests it, users have to provide two or more pieces of evidence to get through the authentication process. Consider moving employees on from short passwords to passphrases or even passwordless authentication, which sends users a one-time code or link via email of text.

How to create a strong password

Follow these tips to help yourself craft unique, complex passwords.

Do not use personal information

Don’t use your name or names of family members or pets in your passwords. Don’t use numbers like your address, phone number, or birthdays, either. These can be publicly available, on forms you fill out or on social media profiles, and easily accessible to hackers.

Do not use real words

Password cracking tools are very effective at helping attackers guess your password. These programs can process every word in the dictionary, plus letter and number combinations, until a match is found. Steer clear of using real words from the dictionary or proper nouns or names.

Instead, use special characters. By combining uppercase and lowercase letters with numbers and special characters, such as “&” or “$,” you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account.

Create longer passwords

The longer the password, the harder it may be to crack. Try for a minimum of 10 characters.

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Top tip #1- Do not mix personal devices with work devices

Employees should use work devices to access files, resources and applications rather than use their personal devices. As we all adapt to working at home, numerous devices are going to be required (particularly during lockdown) so it is common for families to share hardware such as Smartphones, laptops or tablets. Despite the temptation to share equipment, any work devices should be used exclusively for work purposes.

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Blackbaud paid the cybercriminal’s demand with confirmation that the data copy they had taken from their network had been removed and destroyed. Maynooth University was not the only college to be affected by the same attack. NUIG was also a victim of the same cyber criminals and there were many other institutions involved that have not been made public.

Opinion

Cyber attacks involving a ransom being paid are a lot more common than the public are often made aware. Companies and institutions won’t often make public that they have been victims of an IT attack which involved a ransom being paid because quite simply, it’s not very good for their image. To Maynooth University’s credit they have come out and made public the incident, which may influence similar institutions and organisations to do the same in the future. It’s important to note here that, it was Maynooth University’s security provider that ultimately paid the ransom, and not the university itself. It raises a hugely important point, a “Sophie’s Choice” -like conundrum. When a cyber criminal successfully infiltrates a network and gains access (And in this case ,makes a copy of some rather sensitive data) should an organisation pay the ransom? Is it the correct and righteous action for an organisation to make? Is it the only action they can make. It sets a rather unsettling precedent, given that successful cyber criminals are likely to move bullishly on to their next “project’ buoyed by the knowledge their previous efforts were profitable. The alternative, which is unthinkable for most companies and organisations, is to let the criminals have the data, to let it be leaked out or exploited in whatever creative and damaging ways they come up with. For an organisation to suffer the penalties for networks being breached and to let countless individuals that are associated with the organisation, whose data has been stolen, be completely vulnerable to a personal attack themselves. It doesn’t seem like much of an option, does it?

Troubling Questions

It raises a lot of troubling questions when large organisations and institutions are forced into a corner by bad actors and are forced to take care of these particular problems in such an uncouth way. Should companies budget to pay ransoms for Network or data breaches? Should they budget for repeat attacks? Do cyber criminals have a more talented “Workforce” than the IT Security sector? Well this particular question is perhaps unfair. Of course cyber criminals aren’t more talented than IT Security technicians, it just so happens that not being bound by morals or any code of integrity means they have a lot of wiggle room when it comes to achieving their “Goals”.

Answers

As with any great quandary that troubles any industry or country or generation, the answer doesn’t lie with any one person, institution or organisation. The answer to this particular problem lies with every company that keeps sensitive data on their network and also with the employees and members of the public that let their information be kept on an institution and also with the IT Sector as a whole. It’s incredibly important that every organisation relying on its network is committed to best practice and is absolutely committed to finding and mitigating threats before they occur and not after. It’s incorrect to say that all IT Security attacks are preventable. The complexity of both Network designs and a bad actor’s approach means that sometimes, a successful breach of a network is the only way the IT Security sector can learn about new threats or techniques. However it’s important to note that most network breaches are preventable or at least their repercussions mitigated by being obsessively “Network Hygienic” . Businesses in general have to be aware of the price of having such a powerful tool as a business network.

Whatever the case may be institutions paying ransoms to cyber criminals for data breaches is not a sustainable model for most businesses or institutions. The coming years in the IT Security sector, will be about learning to what extent we can prevent, not react.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

• Communication libraries (Bluetooth, Wi-Fi)

• Encryption libraries (i.e., wolfcrypt)

• Operating System

• Open source tools

• Different communication protocols (zigbee, mqtt)

• Chip/module manufacturer components – the software within the communication modules, i.e. Broadcom, Qualcomm, Sierra etc.

Despite best efforts, even a well designed IoT device is likely to have a 3rd party vulnerability inherent in it’s design. The vulnerability might exist in the device’s operating system or – as crazy as it sounds – within the encryption library itself. In such cases, your device is completely exposed to cyber-attacks, regardless of the best practices that have been used.

On one hand, vulnerability in a third-party component is very dangerous. In many IoT devices, there is no separation and segmentation between processes and/or tasks, which means that a vulnerability in one third-party library leads to compromising the entire device. When no user-kernel architecture exists, this could lead to lethal results. Even if such architecture does exist, attackers can still leverage the third-party vulnerability, take control over the device and cause damage.

How to mitigate against device vulnerabilities.

it’s hard to eradicate vulnerabilities when it comes to third party components in IoT devices but there are some best practice guidelines to follow.

-Keeping your device up to date is extremely important. Organisations that have patched the vulnerability on time did not suffer from the consequences of the attack.

-New version releases for each of your components, in order to update them as quickly as possible.

-New security issues (CVEs) to make sure your components aren’t exposed to hacking.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Security information and event management, or SIEM for short, is an early warning system for possible incidents. Think of SIEM like panning for gold: this is about throwing out the rocks and picking the nuggets of information that could indicate a breach. It can be a hugely valuable tool in your companies IT Security arsenal, scouting out threats in the early stages before they become bigger, uglier events.

If your company deals with sensitive information, or holds information regarding customers, a SIEM solution of some scale will be a great addition to your IT Security system. It might also be mandatory to make your company data protection compliant. The question of size of company, or number of events on a network isn’t as relevant as the size of the the risks posed to your network. Would a cyber security breach have the potential to put your company out of business? If so, you might want to think about a SIEM.

How does SIEM work?

SIEM tools can give a level of automation and machine learning to your Log Management protocol. This can help your IT team focus on the activities in early development which may turn into threats/breach as opposed to manually having to dig through logs and find certain activities or patterns. A SIEM solution can learn over time which threats/activities are most significant to your business.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

They can be very difficult to detect as, generally work places are fast paced environment where a lot of information needs to be transferred quickly between employees. Checking an E-mail address for typos doesn’t seem like a good use of company time, especially when we send E-mails to that address every single day. Practice makes perfect with regard to scanning each E-mail your receive to make sure the address isn’t a close copy/fake.

The major reason these attacks are difficult to be detected by users is lack of attention to detail. Let’s understand this through an example:

Below is the same email address written twice, how fast can you spot the one with some error?

eeryaeel@reveantivirus.com

eeryaeel@reventivirus.com

It is hard to figure out the irregularity, especially when you have a hectic schedule at work and many distractions.

Executing the Attack

The final and the most important step is to choose a type of attack. Below mentioned are top 3 tactics used by attackers:

• By Registering a Look-Alike Email Domain

The attacker can register a similar email domain and create a new email ID using a similar name to the person being impersonated. The attacker sends an email message to the target asking them to respond urgently. For instance, impersonating the target’s boss, the attacker creates an email id Smith@reventivirus.com  and asks the victim to make urgent payment for an invoice attached with the message.  

• Editing the Display Name

The majority of the mobile email clients only show the display name of the sender. This makes it quite easy for the attacker to edit their display name and trap the victim into their game. For example, the attacker sends the message using an email like xyz@gmail.com but edits the display name to the person being impersonated. The increasing mobile trend contributes to the success of such attacks. However, in desktop email clients, both the display name and email id of the receiver are shown, which is why the chances of falling for an attack are less.

• Using a Free Email Account

A common tactic used by attackers. They send a message through a free email account such as Gmail, Yahoo, etc. In the email, the sender indicates that they have been locked out of their official account and need immediate help in order to get a task done.

How to Beat Impersonation Attacks

Awareness Training

Attention to detail can be a lot of help in combating cases of impersonation. Users should check sender details carefully. Any suspicious email message should be investigated before replying. Also, proper attention should be given to the message content, including attachments and URLs. Businesses should step forward in providing proactive cyber security awareness training to their employees.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

People are engaging more on social media to break the work-from-home monotony. However, you must always keep your IT security in mind. Be particularly careful not to inadvertently give away clues as to passwords or work details when you share messages on social media. It can be easy to include sports teams, hobbies, important dates in our Bio, but if that’s the case, keep those pieces of information far far away from your passwords!

Clicking pictures of the office and telling people exactly where you are or when you’re going to be there can be a little risky too. We all do it, but make sure before doing so that you aren’t opening yourself up to a breach by giving that information!

Can you spot errors of judgement that a cyber criminal might be able to manipulate on Dan’s Twitswoo profile?

1. Dan’s given his work E-mail on his public profile. This gives hackers a head-start when trying to get into his E-mails.

2. Dan has let potential hackers know that he’s not a fan of secondary authorisation apps like “Google Authy”. This lets hackers know that if they can somehow get Dan’s password, they’ll instantly have access to his e-mails.

3. Dan has left clues on his profile about what kind of numbers and phrases he might use in a password relating to his work e-mail.

Dan seems like a nice guy, but when it comes to information relating to his email and passwords he’s a little careless. When It comes to keeping secure on social media, don’t be like Dan.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Okay! This one is short and sweet. At one time USB keys were very popular - particularly as branded giveaways at tradeshows. Over time it has been recognised that they do introduce risk and are thus best avoided particularly if you are gifted one. Instead, it is securer to use online company storage options like Google Drive, Dropbox, Box etc.

USB keys add a layer of cyber security risk we don’t normally concern ourselves with. They’re physical things and they can be misplaced. It’s easy for USB containing tonnes of info to end up, well anywhere really.

USB keys are also not normally password protected, unless they’re clever ones. Meaning that it’s simple and straightforward to access that critical data.

Your best bet is to steer clear of this particular retro piece of office gear.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

When calculating the ROI of a particular IT Solution we need consider the follow.

Annualized Loss Expectancy (ALE) — The estimated amount of money that will be lost in a single security incident (single loss expectancy) multiplied by the estimated frequency that a threat will strike within a year (annualized rate of occurrence).

Mitigation Ratio — Unlike ALE, this is an approximate number. The best approach is to assess the predicted number of mitigated risks based on a scoring algorithm established in the organization. For example, a company is considering investing in a data discovery solution that is expected to reduce the current data security risk by 85%, so the mitigation ratio equals 85%.

Cost of Solution — This is the only independent index in this equation. It includes all costs associated with solution purchase, implementation and maintenance. High overall cost can easily negate the value of security investments, so it is important to evaluate ROSI before making a purchase.

Regularly measuring the effectiveness of cybersecurity efforts is essential to avoid security incidents. There are so many options on the market that IT professionals find it difficult to understand which ones are worth the investment and efforts for implementation.

Evaluation of basic security metrics can serve as a good starting point and bring even more benefits if organizations do this on a regular basis. Accurately calculated, security metrics will provide actionable data about how well current IT security strategy and investments are working, determine which areas need improvements, and evaluate proposed new security investments so organizations allocate budget wisely.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

Regards, Ed. (Director)

==

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.

protect goods in transit and maximize route efficiency.

This means that there is an incredible amount of IoT data transfer and in some cases automated controls associated with IoT sensors (temperature controls for example). in the case of Ericsson Maritime ICT upgrading their fleet of freight operations on ships, it has helped them optimise their logistics but, as with any optimisation and automation, these optimisations give a myriad of opportunities for bad actors to access their data and controls.

Thanks For Reading..

Logz.ly is an INCA Networks Log Management and IoT monitoring solution.

Has your company got It’s IoT covered? Don’t put it off. Contact Logz.ly today.

How’s that?

Connected Vehicles 

In 5G capabilities, a large IoT system may allow autonomous vehicles, transferring products or humans, to perform  real-time tracking, monitoring, and data analysis to check performances. Automated repair facilities will evaluate a thorough check of devices for proper maintenance lowering chances of accidents. Self-driving vehicles have shown promising results in the early stage of testing although few infrastructure fallouts exist.

Connected Healthcare 

With 5G speed and IoT architecture, the health industry might see large changes with remote patient treatments, medical procedures, robotic surgeries, quick processing of PET scanners, and swift consultations. A modern revolution with wearable health monitors will encourage patient awareness and empower the new age population towards better health

Aerospace 

These 5G and IoT enabled devices will offer a plethora of functionalities like health monitoring, inventory management, equipment maintenance, fleet management, and advanced analytics to help Aerospace industries to control operations.

Monitoring 

With IoT and 5G a dynamic smart environmental monitoring will bring a new era helping organizations and the government to cut down on their pollution, greenhouse gases, etc. Farmers can monitor and analyze their livestock, crops, and machinery with remote locations, chips, and sophisticated drones efficiently. Security and surveillance-based censor will be enhanced further with inter-connected devices offering impenetrable security for banks and other financial institutions.

As the IoT landscape evolves one thing is certain, a growing number of devices will be connected to the internet and automated.

Thanks For Reading..

Logz.ly is an INCA Networks Log Management and IoT monitoring solution.

Has your company got It’s IoT covered? Don’t put it off. Contact Logz.ly today.

“In IIoT technology, sensors are attached to physical assets,” says Robert Schmid, Deloitte Digital IoT chief technologist. “Those sensors gather data, store it wirelessly, and use analytics and machine learning to take some kind of action.”

The IIoT is driving unprecedented disruption in an industry that has struggled in recent years due to talent shortages, and this offers hope for the industry’s future. The IIoT can transform traditional, linear manufacturing supply chains into dynamic, interconnected systems—a digital supply network (DSN)—that can more readily incorporate ecosystem partners. As key enablers of DSNs, IIoT technologies help to change the way that products are made and delivered, making factories more efficient, ensuring better safety for human operators, and, in some cases, saving companies a lot of money.

The “Where are my car keys?” application of IIoT.

Another huge benefit of the IIoT is location tracking—the industrial version of a connected fob that makes your keys impossible to lose. Workers can spend a lot of time locating tools, equipment, and finished goods inventory, but the IIoT reduces that time significantly.

“When equipment is built, it goes onto a massive inventory lot that could be three quarters of a mile on each side,” says Schmid. Simply finding equipment on the lot is so time consuming that one of Schmid’s clients saved $3 million per year on each of its production lines once the company’s equipment was outfitted with location-tracking sensors.

Dr. Richard Soley, executive director for the Industrial Internet Consortium (IIC), which works to test and promote the IIoT, has come across similar findings with his clients. Dr. Soley’s group works primarily through “testbeds”—experimental technology implementations designed to measure how well the technologies really work. One of the IIC’s testbeds involved a client with a massive number of tools that kept getting misplaced.

“The client found that its workers spent 47 percent of their time just looking for the right tools,” Dr. Soley says. “But with an IIoT solution, the worker could be told that the tool they needed was 10 meters behind them and to the left.”

This also meant that the workers didn’t have to spend time putting the tool back where it belonged. Thanks to the sensors, the system will always know where the tool is and will tell workers where to find it.

Safeguarding the communication and data transferred between these devices is imperative to their efficiency and keeping the IT Network of any company implementing such tools safe.

Thanks For Reading..

Logz.ly is an INCA Networks Log Management and IoT monitoring solution.

Has your company got It’s IoT covered? Don’t put it off. Contact Logz.ly today.

streets and subway tunnel lines knocked out power in and around the city for days.

SIlverstein, a property developer whose projects were hit harder than most, used the disaster as an opportunity to hit the reset button.

Silverstein deployed a mobile application that allows tenants to place and monitor work orders and requests, in addition to tracking the exact location of a shuttle bus specific to their residential buildings. It also serves an emergency-alert system, giving Silverstein a direct line of communication, via text messages, emails and automated voice calls, with tenants, residents, vendors and partners in the event of another catastrophic event. Perhaps its most innovative and comprehensive solution, Silverstein has created a centralized monitoring system for many of its buildings, including 4 World Trade Center. “We’re on the forefront of secure, safe, and effective IoT innovation in real estate,” said Bill Dacunto, executive vice president at Silverstein Properties. Building management systems are much smarter, with every device networked to provide continual feedback. “When building managers get information in real time they can immediately address whatever needs to be fixed,” he added. By analyzing utility usage and incorporating efficient energy cells during peak hours to supplement supply, Silverstein has also been able to reduce energy costs for its buildings.

Thanks For Reading..

Logz.ly is an INCA Networks Log Management and IoT monitoring solution.

Has your company got It’s IoT covered? Don’t put it off. Contact Logz.ly today.

Thanks For Reading..

Logz.ly is an INCA Networks Log Management and IoT monitoring solution.

Has your company got Its IoT covered? Don’t put it off. Contact Logz.ly today.

In order to take advantages of these efficiencies, these devices have to be connected to the internet. This poses a risk in itself, but the problem grows in stature when we estimate how many devices an operation might have to connect to the internet in order to have a positive effect on its output efficiency. Take the construction site for instance. How many tools might be needed on a large construction project lasting 2+ years? Thousands, perhaps even hundreds of thousands if the operation was particularly large. Hundreds of thousands of devices connected to the internet.

Each of these tools would now represent a vulnerability, or a relatively easy gateway to your company’s network. Not only that, but a potential bad actor could just target the tools themselves, potentially ruining the efficiency strategy, forcing a company to pour resources into re-organising the tools in a non IoT fashion. This could have a huge impact on schedules, timelines and deadlines. Management might even be in a position where they’d agree to pay a ransom, rather than go without their Iot-tool strategy.

It seems that we’ve grasped fully the positive that IoT in industry has to offer, but we haven’t really examined what might be the negative, or the security cost of IoT. Perhaps this is because, incidence of IoT hacking resulting in a large-scale corporate catastrophe isn’t common place enough for us to consider it a likely threat. IoT security is an afterthought. Something to sort out once the IoT strategy is up and running!

In real terms, the threats we face with IoT will be just as clever as it’s application and perhaps far more complex.

Thanks For Reading..

Logz.ly is an INCA Networks Log Management and IoT monitoring solution.

Has your company got Its IoT covered? Don’t put it off. Contact Logz.ly today.

Breaking it down to the most simple explanation, two factor authentication basically means adding a second layer of protection to your account, app or service to go alongside your regular method of logging in. In most instances, this involves receiving a code by SMS to your mobile number, but increasingly apps and services are sending a confirmation number to your device as a notification instead. Sometimes you can just tap the notification to approve the login.

How does two-factor authentication make your account more secure?

The idea is that you're adding a confirmatory step to your sign in attempt. Using the SMS example, it means no one can log into the account in question from a new device, even if they have your password.

When someone tries to log into your account from a new device, or even new browser, with your password, when they hit "enter" or "submit", it'll take them to a new screen asking for a code. This code has been sent to the registered mobile number as an SMS. 

Some apps that use notifications also send you a code. But increasingly, apps are just sending a notification to your key devices so you can just confirm it was you signing in (in their words, there's no code).

Is it necessary?

Yes. In the modern world, it’s safer to assume that your network is not only being monitored by your IT Team, but it’s also being monitored by bad actors, searching and waiting for an opportunity to present itself to breach your network. Utilising authenticator apps can negate some threats entirely, and while they can be a little tricky to set up, it’s more than worth it to keep your network secure.

Thanks for reading..

INCA Networks is a Cyber Security company in Co.Dublin with over 20 years experience in keeping business networks secure.

If you’re considering Managed IT Security for your firm’s network, take a look at our Managed IT Security page.