Cybersecurity practitioners are not paying enough attention to the home as a viable attack surface, especially as some adversaries change their tactics from compromising and stealing data from vulnerable devices to weaponizing them, warned Christopher Young, SVP and general manager at Intel Security, at the 2017 RSA Conference on Tuesday.
In a keynote session, Young expressed concern that security professionals are so preoccupied with the cloud as an emerging threat surface, that they ignoring the looming danger of connected Internet of Things devices at home. “We've given the enemy all the scale they could possibly want by connecting our homes with smarter, faster, better devices, by leveraging big-data analytics to drive really important decisions that coordinate much of what we do in society,” said Young, who is set to become CEO when Intel Security spins off from Intel Corporation and rebrands itself as McAfee.
Young cautioned attendees to take employee homes into account when developing work policies, building cybersecurity architectures, and provisioning tools. “If you want to worry about where your next corporate vulnerability or governmental vulnerability might lie, it's likely to be in the home of the people who work for you,” he noted.
Young cited the Mirai botnet's attack on the Domain Name System service provider Dyn as a prime example of IoT's power, and how home devices can be used destructively. “I'd argue that this is just a test. The attackers are just trying to see what they can do next, what's possible, what are the limits of their capabilities,” he said.