Yaşar Ateş

System and Security Administration Manager15 June

IOT and Cyber Security

Influence of Covid-19 Pandemic is intensely felt around the World; Homeoffice working concept has increased even more in this term. Since a lot of people #Stayhome, cyber security attacks against to home tech and IOT devices has increased exponentially.

If we consider what should we do about it.

Working from home might mean that giving system access to inexperienced or possibly unqualified personnel, remotely accessing to the Building Management Systems (BMS) for maintenance, updates or system changes.

Routine changes on personnel arrangements, can mean that software updates delayed or uncompleted.

Decreases or changes on proper physical security updates, can allow unauthorized access to server rooms or BIT structure.
IOT ve SiberGüvenlik
This new working ways and changes add risk and create opportunities for unauthorized usage or endangering the building management systems. Most buildings have series of systems for controlling the functions connected to the internet. These go up from IP based CCTV to “Smart Buildings” which are sophisticated and have well-equipped integration systems for controlling heating, air cycling, lighting etc thorough Building Management Systems.
IOT ve SiberGüvenlik
Any system connected to the internet, is defenseless against potential criminals, pc pirates and in some cases foreign state-supported actors. Attacks against to building management systems not just let the attacker take control for the usage of violating the building management, also these systems and corporate IT nets they may be connected.
IOT ve SiberGüvenlik
To protect these devices against cyber attacks, we can apply below items:

1- Evaluate the potential security risks and agree with building stakeholders(Owners, Facilitate Managers, IT/Cyber Security teams) on a mitigation plan for the continuous observation process.

2- Check/scan unknown Iot devices that may be connected to your net/systems.

3- Make sure that all Iot devices are safe behind a distributed security wall.

4- Change all factory default ID infos and make sure that all passwords are unique for each building/account/device. Comply password policies (Password past, minimum characters and complicity). Try to use 2FA (ID validation app or SMS code like).
IOT ve SiberGüvenlik
5- Rename the default accounts and disable the unused accounts.

6- Try to keep the systems, software and devices always updated.

7- If possible, instead of connecting the internet straightforward, authorized personnel is able to access these devices with a VPN with special permission.

INVENTIV BLOG

Related Articles

Securvent

What Is Penetration Test?

What is an infiltration test, penetration test, pentest? Why do we need infiltration tests? How often should you have the penetration test for the safety of your systems, software and sensitive…

Daha Fazla
Securvent

RxSwift and Reactive Programming

Daha Fazla
Securvent

What is KVKK? Things to know about KVKK (Episode-1)

KVKK means the law of protection of personal data. What is KVKK, when it came into force, the purpose and scope of the law is the answer to the questions you can find in this content.

Daha Fazla
Securvent

5 Simple Methods to Provide Data Security on Your Business

The answer to the question of what is data safety in institutions and we have compiled 5 different methods that you need to apply for 5 different methods for you.

Daha Fazla
Securvent

Trust Stamp Obligation on E-Commerce Sites

The trust stamp clearly indicates the existence of a “minimum security and service quality standard”. The Trust Stamp is described as “The electronic sign given to the service provider and…

Daha Fazla
Securvent

What is KVKK? Things to know about KVKK (Episode-2)

In the 2nd part of our article, you can access the details of the purpose, scope and law of KVKK.

Daha Fazla
Securvent

Cybersecurity Trends and Emerging Threats in 2021

2021 is finally here and it brings a more bright future along with however we have long way to go. In this episode, we will review the five cybersecurity threats that creates prominent potential risk…

Daha Fazla
Securvent

Mobile Phishing Attacks Targeting the Financial Industry Has Increased by 125% in 2020

Daha Fazla
Securvent

Working From Home and Cyber Security Precautions

Even years later, when it comes to 2020, everyone will think of Covid-19 or Corona virus, which we all know.

Daha Fazla
Securvent

Ransomware : To Pay or Not ?

The face of the disaster has changed. Ransomware cyber attacks have become a threat that is increasingly common for the small and medium scale merchants. Schulze and James R. Slaby, explain that why…

Daha Fazla
Securvent

Conti Malicious Software Activities Is Increasing

Daha Fazla
Securvent

How To Adapt to KVKK?

With the KVKK Law, it has been made compulsory to protect all information technology systems containing personal data against any unauthorized access threats that may come over the internet.

Daha Fazla
Securvent

Attackers Imitate WhatsApp Voice Message Warnings to Steal Information

Researchers have discovered that attackers imitate message notifications that comes from WhatsApp of a malicious phishing attack that uses a legitimate domain to spread out a malware who steals…

Daha Fazla
Securvent

What Is Data Security?

Thera are thousands of cyber attack methods that would cause losing all of your datas or some of them, which are the most valuable assets of your organization. By this reason providing the data…

Daha Fazla
Securvent

What is phishing?

In such attacks, the attacker imitates a real company to get your login information. It sends you an e-mail to get your account information and directs it to a fake web page.

Daha Fazla
Securvent

Why We Should Perform Penetration Tests with Different Firms?

The most frequently mentioned reason in the change of the companies that perform penetration tests is to give a “new perspective to the test.

Daha Fazla
Securvent

Which Programs To Use For Data Security?

Every computer you have in your house or work should have an antivirus program. Event though the effectiveness of the antivirus programs is debated, this should be thought as a simple hygiene rule.

Daha Fazla
Securvent

What to Consider When Choosing Penetration Test Firm?

Experience and ability are the indispensable of a penetration test. Specialists who will perform the penetration test should be talented, have the deep knowledge of the sector and all required…

Daha Fazla
Securvent

What Is Cyber Security?

We will briefly explain what happened from the eyes of the expert related to cyber security.

Daha Fazla

SEE ALL