New Product Release Implements Daily Username Change

Partners, Customers, and Team Ntirety,  

As you saw in the news, cyberthreats are up 800%.  Given this crazy upward trend we are seeing in cyberattacks, Ntirety as the global leader in Comprehensive Cybersecurity Solutions, is launching a new innovative Identity and Access Management (IAM) security product that will defeat all these pesky hackers.  This is a cornerstone of our Comprehensive Security Solution.    

 

  1. All Employees, Customers,  and Partners Must Use This New Product By Noon:   

This new product will not only be for our customers, but also for all Ntirety employees and partners. To access any of our tools, we will all be adopting first beginning today at noon (no exceptions).  

This new IAM product requires our employees, partners and customers to change their current user names every day, while also simultaneously changing their passwords every day. Your username, just like your password, must be an assortment of numbers and letters with no reference to your previous name.  

 

2. Learn to Love Your DUN: 

Furthermore, based on our CISO’s recommendations, while addressing each other in written communication, you cannot refer to other employees or customers by their real names anymore.  You have to refer to them by their Daily User Name (DUN).  Today as an example you have to refer to me not as Emil, or Emil Sayegh, but by my DUN “%KDApril1_22!”.  Tomorrow, it will be something different.  Everyone will have to download an Ntirety IAM RosettaStone App, that will give you the DUN of the person you are trying to communicate with. 

 

3. This is for your own good.    

While we know this may be inconvenient to some, but Cyber threats have unfortunately taken too drastic of a turn and we have to resort to these drastic measures to keep our employees and customers safe. This is for your own good.   The internet and social media have made so much of our lives public that cybercriminals can more easily figure out how to extract personal information from what we are posting especially when our user names are a simple combination of our first and last name. This new IAM product will help to protect our identities and prevent potential data theft.  We are in direct talks with Social Media companies for them to also adopt this technology.  We believe it will help in the global discourse. 

 

Please do not hesitate to reach out to your Ntirety team members with any questions you may have.   

 

Sincerely, 

 

%KDApril1_22!.   

 

PSA from Team Ntirety:  This blog was intended to be an April Fools joke but serves as a reminder to keep an eye out for social engineering scams. Communication or emails that come from higher-ups with edicts, giving you little time to react, that are plausible but out of character are typical tools for Social Engineering scams.  Make sure to educate and train your teams to be cautious when taking in new information and clicking unfamiliar links. If something seems too good to be true it very likely is, and it is better to use caution than suffer the consequences of data theft.

The Imminent Death And Rebirth Of Cyber Insurance

For insurance companies, it is important to predict all possible outcomes within their realm of protective services. This is not the path cyber insurance has followed, making it somewhat unreliable.  The following piece, The Imminent Death and Rebirth Of Cyber Insurance, from Ntirety CEO Emil Sayegh was originally published in Forbes. 

 We wake up every day to a pattern of record ransoms being paid as well as record increases in cyber-insurance cost. The Bloomington School District in Illinois published its cyber-insurance renewal costs and reported a whopping 334% increase in premiums. Faced with challenges, it is common knowledge that businesses must continually evolve due to circumstances such as opportunity, missions, and risks. The cyber insurance industry is no different. In this climate of record ransoms and cyber incidents, these challenges are creating a shift in insurance market conditions signaling that cyber insurance will fade towards demise as we know it. While this seems like a bad thing, there is a silver lining in all this. 

 Mounting Ransom Costs 

We are living in the greatest period of data vulnerability in history. There are risks everywhere, all of which carry significant financial burdens including ransomware, downtime, compliance fines, and data loss. The global pandemic opened opportunities for threat actors to escalate their attacks and seize, causing dramatic increases in ransomware attacks alone. Amid the shifting security haze of 2020, the consumer GPS company Garmin paid a significant $10 million in ransom and the tales of ever-increasing ransoms go on. While the average cost of a data breach now hovers around $4.24 million, organizations routinely find their insurance only covers about 40 percent of the costs incurred due to a cyber incident.  

 The Trend was Not a Friend  

Cyber insurance is built on the careful analysis and management of risks in a present-day environment. It is unimaginable to think of a scenario where the cyber insurance industry is not challenged by the rising challenges and costs of cyber-crime now. Reported cyber losses continually reach into figures in the billions of dollars. Each month is a record now. Meanwhile, the historical loss data continues to shift according to changes and escalation of risks. There is a palpable element of unpredictability that does not work well for the cyber insurance market and those looking for coverage.  

One can reasonably wonder how the cyber insurance industry got this wrong. How did they miss this trend? After all, insurance relies on heavy predictive analytics based on historical data. Sadly, in this case, the historical trend was far from predictive. The calculus was based on historical patterns of small-time hackers or lone wolves looking to get a quick hack of a hit. However, in the last two years, all of this has changed at such a pace, that the cyber insurance industry was caught ill-prepared. What is now driving the acceleration of costs, attack volume, and social engineering are nation-state threat groups. These new hacker groups are incredibly well organized. Organizations of cybercriminals from around the world who are demonstrably sponsored or ignored by their respective governments. What this means is that in addition to financial gain to sustain their operations, the disruption of the target’s operations is also their constant and perhaps primary goal. Attacks on infrastructure, military, and business entities have been continually associated with outside countries, such as the SolarWinds attack discovered in 2020.  

One way of looking at this tells the tale of a dying industry, slammed by rising challenges and costs and a lack of interest to back cyber liabilities. For example, it is easy to draw a line between ransomware-related claims and capacity throughout the industry. As it stands, just a small sample of losses within the industry could quickly wipe out the premiums collected well ahead of time. This is classified as unbearable risk within the pool and in insurance terms, losses are not acceptable.  

 Indemnification and Comprehensive Security to the Rescue 

In addition to the array of risks, one must now consider whether the state of cyber insurance constitutes an additional risk to the organization. The stakes are high and legal conditions abound. New coverage and rising renewal rates are a major concern. Premiums are rising by 10 to 20 fold, and that is if a renewal is even available. Enterprises are left exposed, or have to pay exorbitant premiums. The answer lies in going back to the fundamentals of minimizing heavy reliance on cyber insurance through a comprehensive security framework. Comprehensive security frameworks provide better security outcomes and a better posture for the insured. Furthermore, enterprises can leverage the indemnification provided by their cybersecurity provider in lieu of getting their own cyber insurance coverage. However, in order to do that, organizations need to embrace a comprehensive security approach. There is no wiggle room on that. 

Comprehensive security approaches can manifest through full spectrum security programs that provide protection, recovery, and assurance services that minimize risks. 

  • Protecting data means protecting data everywhere, all the time— including the perimeter, malware detection, finding threats, ensuring encryption and access. 
  • The benefits of recovery include virtualized and ready-access redundancy/restoration of systems that are available in any type of disaster including a breach. 
  • Building out an assurance program means life cycle assessments of security, compliance, logging, and the integrity of compliance within a given environment. 

In a challenging threat and cyber-insurance environment, comprehensive security augments risk aversion and minimizes reliance on more stringent insurance scenarios. 

 A New Dawn for Cyber Insurance 

Cyber insurance has and will adapt to these conditions, and we will see this evolution include demands for improved cyber-hygiene and exclusions that will shield insurance companies from providing coverage when the insured fails to maintain high security standards. We see that in the home insurance industry when security alarms actually reduce the premiums. Similarly, the cyber insurance industry, while nascent, will mature. It has just emerged from two years of nightmare losses and a risk climate that was hard for them to anticipate. You can expect specific adaptations ahead and an emphasis towards better education and improved cybersecurity practices. The rebirth of cyber insurance is in the cards, but it will be in combination with proper, responsible security planning and comprehensive security strategy. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn

A Valentine’s Day Message from Emil Sayegh

To our Partners, Customers, and Team Ntirety, 

 I wanted to wish all of you a happy Valentine’s Day!  

 Valentine’s Day, also called Saint Valentine’s Day or the Feast of Saint Valentine, is celebrated annually on February 14.  Valentine’s Day originated when St. Valentine healed the blindness of his jailer’s daughter in an act of selfless love. While Valentine’s Day is not a public holiday,  it has been celebrated since the 8th century, and Valentine’s Day has become a day that we celebrate with all the people we cherish and love in our lives.  I feel it is appropriate to celebrate this day with the people we spend 5 days a week with, and numerous hours every day as well as our beloved customers and partners that we support. 

 To all of the Ntirety teams around the world, I want to wish you all a Valentine’s Day full of joy and happiness.  Thank you for all you do every day, and for showing dedication to your job and to our customers.  To our customers and our partners, thank you for your loyalty and love.   I encourage all of you to show our customers the “love” today by living our values and customer pledge, and by making them smile with excellent customer service (as you always strive to do). If appropriate, consider wishing them a happy Valentine’s Day, too while delivering a WOW! experience. 

 Special thanks to all of you that are working this evening and night shift today in your local time zones instead of being with loved ones celebrating, and to those that are traveling on business today instead of being with your loved ones and families.  Your sacrifice and hard work is a clear display of love for our customers, and your fellow employees. 

 Happy Valentine’s Day! 

2022 Cyber Realities

While 2022 holds promise for a better future through advancements in technology, new cyber risks will come along with it. We must move forward with a positive mindset, while not forgetting past mistakes. Originally published in Forbes2022 Cyber Realities builds on Ntirety CEO Emil Sayegh’s Predicting What 2022 Holds For Cybersecurity piece published prior.

Looking to the Future

In addition, to my top ten predictions posted on January 6th, here are a few more: 

  1. Ransomware Will Continue to Evolve

Ransomware, which is malware that encrypts a user’s data and demands a ransom payment to unlock it, is one of the most rapidly evolving cyber threats. Ransomware attacks continue to cost businesses billions, a trend that is expected to continue and attacks that ask for larger ransom amounts. This is a market, and incentive will drive innovations and evolution in an already rapidly changing and challenging arena of cat and mouse.  

  1. Blockchain Technology Will Be Used for More Security, Finally

Blockchain technology is often associated with cryptocurrencies like Bitcoin, but it can actually be used for so much more. Companies are already using blockchain to secure business data, improve cybersecurity, and protect user privacy. In 2022, many businesses will have moved their operations to the cloud – instead of having physical servers on-site – making protections from cyberattacks a priority. Blockchain technology can help to secure these cloud-based operations by creating a tamper-proof record of all transactions.  

  1. Employees Will Be a Major Source of Cybersecurity Threats

Employees are often the weakest link in a company’s cybersecurity defenses. They can be tricked into opening emails that contain malware, clicking on links that lead to phishing scams, and using unsecured Wi-Fi networks. In 2022, businesses will need to focus more on employee training and awareness to protect themselves from these types of attacks.   

As cyberattacks become more sophisticated, businesses will also look to AI, machine learning, and monitoring services to help them detect and respond to these insider-based threats.  

  1. Will the Password Become Obsolete?

Even though new technologies that can replace passwords are emerging, they won’t be very popular by 2022. These technologies include fingerprint scanners, eye scanners, and facial recognition. They are not very user-friendly and can be easily hacked.   

As a result, 2022 will still see the use of passwords for the foreseeable future. However, organizations should start to move away from using passwords and towards using two-factor authentication. Two-factor authentication is a more secure way of logging in that requires users to input a password as well as a randomly generated code that is sent to their mobile device. This will make it much more difficult for hackers to gain access to your account. It’s a step in the right direction as passwords are extremely fallible. 

  1. Governments Will Finally Realize How Much They’ve Lost Due to Lax Cybersecurity

State and regional governments have been slow to adopt new security measures because they have been underestimating the power of cybercrime. They think that their current policies are enough to protect them from attacks. But as more and more breaches happen, it becomes clear that this is not the case. In 2022, governments will finally realize how much they’ve lost due to lax cybersecurity and they will start to take action. They will allocate more resources to improving their security infrastructure and they will also work with businesses to ensure better protection of their data. 

  1. The use of AI for Cybersecurity Purposes Will Increase Exponentially

As mentioned earlier, the use of AI is going to increase exponentially in the next few years. This will be especially true for cybersecurity purposes. Cybersecurity companies will escalate the use of AI-based tools to detect and prevent cyberattacks. These tools will be able to analyze data at a much faster pace than humans and they will also be able to identify new threats that wouldn’t have been seen before. 

Looking forward to 2022, we must fully incorporate and reflect on the key cybersecurity events of the year behind us. There are valuable lessons, a bit of dirty laundry to clean still, and a challenge that should always be at the forefront of our operations. 

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Predicting What 2022 Holds for Cybersecurity

2021 was a fascinating and somewhat terrifying year for cybersecurity, as all our fears regarding cyber-threats have come true in one way or another.

2021 was also tricky, as many organizations have been slow to adapt to the new security climate. Predictions aside, complacency is not an option if you plan to survive and thrive in 2022. Rest assured, the future of cybersecurity is bright, but it will come with its own set of challenges. We look forward into the future because the sooner we can start adapting strategy, policies, and technologies, the better off everyone will be in the long run. Predictions can be both exciting and terrifying at the same time, so please put on your seat belt and helmets.  

The Cybersecurity Talent Drought Will Get Much Worse  

The cybersecurity talent shortage that affects the industry is only going to get worse. At one point in 2021, there were 500,000 unfilled cybersecurity jobs in the U.S. That’s a figure that is likely to increase due to the continued growth of ransomware, data breaches, and other cyberattacks.  

Faced with this challenge, businesses will find it increasingly difficult to protect their networks and data. Services and specific technology partnerships will continue help fill and protect that which is sacred, but further help may be on the way from an unlikely place: artificial intelligence (Al). Al has the potential to detect malware on networks before it is spotted by employees. Along with machine learning, these technologies can better analyze vast quantities of data more quickly than humans, detecting sneaky issues such as phishing attacks, privilege escalations, data exfiltration, and insider threats.  

Supply Chain Cyberattacks Will Be Commoditized  

In recent years, we have seen a significant increase in the number of cyberattacks targeting software supply chains. These attacks are particularly effective because they can take down an organization’s entire software supply chain and services, resulting in massive business disruptions.  

Unfortunately, we can expect these attacks to become even more common in 2022. Cybercriminals will realize that these supply chain attacks are an effective way to cause maximum disruption, and once inside the trusted gates, the hardest part of the hack job is already handled. These groups will commoditize these attacks as a result. We can expect this commoditization to lower the bar for entry by encouraging less­ skilled attackers to conduct software supply chain attacks.  

The Death and Rebirth of Cyber Insurance  

Faced with a costly environment of escalating risks, the cyber insurance industry has seen many challenges in the past year and the premiums for coverage have skyrocketed. Even though many businesses are required to carry cyber insurance, these conditions are leading to companies no longer purchasing extensive policies. This market squeeze will certainly affect the cyber insurance industry itself.  

We are going to see this happen, but we will also see a resurgence of cyber insurance as companies become more aware of the risks associated with data breaches and standardize on what it takes to attain coverage. Cyber-lnsurance without Comprehensive Security, will become a non-starter.  

Combined with a growing awareness of the risks associated with data breaches and cyber incidents, the market for cyber-insurance is starting to mature, and premiums will become prohibitively more expensive for companies that don’t have a sound security strategy.  

More Smart Devices, More Risk  

It’s inevitable -The Internet of Things is a continually growing trend that will bring about more cyberthreats. In 2022, we can expect to see even more cyberattacks due to the increased number of loT devices. The proliferation of these often minimally protected devices increases the threat vectors through everyday devices. Hackers can attack through many vulnerable devices such as security cameras, smart TVs and DVRs in your home or workplace.  

The Mirai Botnet was one such attack which took down several high-profile websites with a denial­ of-service (DDoS) attack. This botnet was made up of millions of hijacked loT devices and attackers will always be looking for the maximum bang for their hacking buck.  

Cyberattacks Will Cost Lives  

The world is no stranger to the amount of damage hackers can cause. We have seen attacks on hospitals, transportation systems and even schools leaving hospitals paralyzed, cities without electricity and students’ grades showing up as Fs. However, what many people have a hard time imagining are the effects of a hacker setting their sights on critical infrastructure like power plants or dams.  

Threats will become all too real when an upcoming attack results in disruption and death. It’s not a pretty picture, but the actions of world leaders have indicated that cybersecurity is the front line in a global cyberwar and casualties are just a logical hop away.  

SHTF Events Will Put Disaster Recovery into the Forefront Again  

Expect the unexpected. Seldom have three words carried so much weight. An improbable but all too real SHTF scenario is out there waiting in some company’s destiny, but it doesn’t have to go the way of painful recovery. You can’t plan for everything, but you should plan for anything.  

From cyber incidents to weather disruptions, to natural disasters of every type, major events will drive a resurging focus on enterprise disaster recovery (DR) in the year ahead. The cost of not thoroughly protecting these systems is higher than ever and the events experienced in the last year are the beginnings of a wake-up call for both businesses and governments around the world. The need to protect critical infrastructure and data is now at the forefront of every boardroom conversation and government policy.  

Machine Learning/Al Tools Continue Changing the Game for Cybersecurity  

Machine learning (ML) and artificial intelligence (Al) have already started to revolutionize cybersecurity, and their impact is only going to grow in 2022. These tools are making it possible for organizations to detect and respond to threats much more quickly and effectively than ever before. Security professionals can identify potential attacks more quickly than ever before with Al-powered dashboards. Meanwhile, machine learning tools can be used to detect ransomware in an image file before it’s opened on a computer.  

Cybersecurity teams will use ML and Al to automate the detection of attacks, understand the impact of a breach, and reduce fraud.  

More Cyber Criminals In the Slammer  

Law enforcement agencies have stepped up their efforts to catch cyber criminals. While the biggest headlines seem to show that the perpetrators are never caught, many successful investigations have been resulting in prosecution. This increased trend is going to continue as law enforcement officials become even better at identifying and apprehending cybercriminals. That’s good news for businesses and consumers alike, as cybercriminals will have a reduced ability to operate with impunity.  

Tables Will Turn: Cyber Crime Will Hit International Companies In China and Russia  

A recent major cybersecurity report found that four in five large international companies have been targeted by cybercrime in China and Russia. The sad part that 40% of companies that loose data or have a data breach, end up going out of business due to the cost and reputational damage. These companies have fallen victim to a wide variety of attacks, including malware, ransomware, and phishing.  

As it turns out, nobody is immune to cyber threats and you shouldn’t do business with criminals. Foreign nations have been dancing a perilous line of espionage and state-sponsorship of attacks on adversarial and strategic targets. The tables are going to turn on them at some point.  

Quantum Computing to Make a Debut  

This one has been building up for a while now, but this should finally be the year that quantum computing debuts in the cybersecurity world. We are talking about actual quantum computing, not the marketing type of quantum-like features.  

The breakthrough will be small at first but expect to see products that can take advantage of the peculiar properties of quantum mechanics to do things like factor large numbers very quickly or break current cryptography within a few years. This could also present a serious challenge to today’s security protocols and necessitate a wholesale rethinking of how we protect our data.  

Quite a Vear Ahead  

There’s a sense of foreboding in cybersecurity, especially when everything seems to be as safe as possible. Cybercriminals thrive on this false sense of security and subsequent complacency to do their worst. We must always be on guard, prepared for the worst. Cybercrime is rampant and the threats don’t discriminate. This year alone, four in five large international companies have been targeted by cybercriminals – meaning that nobody’s immune to the risk of a breach. Fortunately, there are ways we can protect ourselves against these risks: strong cybersecurity protections like firewalls, anti-virus software and intrusion detection systems; training for employees so they know how to avoid becoming victims themselves; and understanding what brings on data breaches. The best approach is to not only adopt a comprehensive security approach to every level of the IT stack, but also include all business processes in that approach.  

Happy Holidays – A Message from Ntirety CEO Emil Sayegh

To Our Partners, Customers, and Team Ntirety, 

 The holiday season is here, and I’d like to sincerely wish you all Happy Holidays, Merry Christmas, and a Happy New Year.  May your heart & home be filled with peace & joy this holiday season.  I hope you all have a successful and healthy 2022 ahead of you.    

 I want to also take a moment to reflect gratefully on the past year—all of this year’s achievements wouldn’t have been possible without the hard work of our employees and collaboration of our partners. What we accomplished this year is something truly special and everyone should be proud of their contribution to securing our customers and making the cyber-world a safer place. 

 It is in this spirit of joy and peace that I say thank you for such a good year and encourage us to all look ahead at the amazing opportunities in the New Year! Please celebrate this joyous time with your family and friends.   

 Have a wonderful and blessed holiday with peace, love, and blessings to you and your family in 2022! 

Happy Thanksgiving – A Message from Ntirety CEO Emil Sayegh

Thanksgiving has always been one of my favorite holidays. What is not to like? Good food, good time with family, cool weather, and college football. Also, there is no pressure associated with exchanging gifts. Although Black Friday is around the corner, I prefer to not partake in it, and I always let the glow that comes from the Thanksgiving Holiday permeate the whole weekend. 

Thanksgiving marks a time to show appreciation to all those that have helped us and made our lives a bit easier. While this holiday is traditionally celebrated in North America, the message of giving thanks and reflecting on the past year’s accomplishments is important in many more cultures around the world. It is always important to and take a step back to look at the joys in everyday life. First and foremost, I would like to thank the customers, partners, and employees of Ntirety for the amazing success we had in this past year despite the pandemic and all the turbulence that came with it. I personally am thankful for our partners and customers who have enabled us to continue to grow. Thanks to them, and our amazing team, we will only continue to reach new heights and remain as the premier Comprehensive Security Services provider. 

I hope that each of you get to spend the entire Thanksgiving weekend surrounded by family and friends, taking a well-deserved break. For our customers, partners, and members of the Ntirety team that are working this weekend, I am grateful for your dedication and drive. I extend a huge thanks to you for being there for all of us to enable us to take a break. During this Thanksgiving season, certainly thank your friends and family who are special to you, as well as others that may not be as close. Kindness and gratitude start one step at a time. Let’s spread the love and gratitude around.  

I am thankful for all of you!  

Happy Thanksgiving.

Thank You to Veterans Everywhere – A Remembrance Day and Veterans Day Message from Ntirety CEO Emil Sayegh

November 11 is Remembrance Day in Canada and Veterans Day in the U.S.  Please join me in thanking all veterans everywhere for their service—an act of generosity that we can never repay.  To all those who have served, I would like to humbly express my deepest gratitude for your service.

Every November 11th, we celebrate both Veterans Day and Remembrance Day and in the USA and Canada to commemorate the end of WW1 in 1918. On the 11th hour of the 11th day of the 11th month, in 1918, the brutal fighting stopped in the First World War, but not after 15 Million people died in that brutal war, 6 million of them being Allied soldiers.   That day is known as Armistice Day, and still celebrated by all the Ally nations that fought and won the first World War. On November 11, 1919, Armistice Day was commemorated for the first time in the U.S. with President Wilson proclaiming that the day should be “filled with solemn pride in the heroism of those who died in the country’s service and with gratitude for the victory.” A similar action was taken by the Canadian Parliament sometime later.  Although the U.S. and Canada fought on the winning side, celebration of victory was replaced by solemn commemoration, and a sense that the countries owed a collective national debt to the ordinary soldiers who had lost their lives in battle.  Therefore, now every November 11th, we celebrate both Veterans Day and Remembrance Day and in the USA and Canada respectfully.

 

A special thanks to all of our partners, customers, and employees who are veterans, and to all veterans in both the U.S. and Canada who have sacrificed so much.  We honor you today, and every day.

 

Have a blessed day.

IoT Devices May Not Be the ‘Smart’ Choice

Tis the season to start hunting for the latest and greatest gifts, and smart technology is making just about anything, from homewares to exercise equipment, hot ticket tech toys. Are these smart devices on your shopping list this holiday? Buyer beware – there’s often not any consumer warnings about the cybersecurity risks these new IoT toys can bring. 

Ntirety CEO Emil Sayegh has done deep dives into the potential hazards of smart mirrors in his article Mirror, Mirror On The Wall and the very real consequences of IoT cyber-attacks in Peloton Breach Reveals a Coming IoT Data Winter both published in Forbes.  

Mirror, Mirror On The Wall and Peloton Breach Reveals a Coming IoT Data Winter 

Recently, attacks against Internet of Things (IoT) systems have emerged. With the technology in billions of everyday items, the scope of these attacks is worrisome. Because the migration to Internet-everything is unstoppable, we’ll be seeing these security incidents for a long time unless we adjust course quickly. 

The financial motive to add Web features to every device known to mankind is clear. It seems everyone wants to be on the Web, uploading data from their bicycles, sprinkler systems, refrigerator energy consumption, and just about everything you can possibly think of.  

Consumers accept risks, sometimes unknowingly, because many assume that the worst-case scenario will not happen to them or affect them significantly. 

The Peloton Breach 

That leads us to the breach of Peloton, the at-home connected fitness equipment company. A security researcher discovered an open unauthenticated API in Peloton bikes and treadmills, which revealed an open channel to information about users such as age, weight, gender, workout statistics, and birthdays. A significant amount of scrutiny has fallen on Peloton, which made a mess of remediation communications and deadlines. It appears that this is just the beginning of issues to come, as more items from the physical world come online, handling sensitive information that few people think about protecting until it is too late. 

In the wake of consumerized products from all walks of life, IoT systems and online accounts are under significant threat. It does not matter what the product is. An increasing number of smart camera platforms are being targeted by thieves. At risk are privacy, security, and the risk of fraud, and criminal gangs are exploiting the spoils of data to their merciless benefit. 

The Smart Mirror 

A recent story getting a lot of attention involves an interconnected “smart mirror.” With a price tag of $1,495, this mirror provides tips, suggestions, can set and keep progress on fitness goals, as well as delivering streaming workout classes. The company was picked up by the sportswear giant Lululemon for $500 million last year. Under the home exercise boom precipitated by the global pandemic, the product could be finding a mainstream groove. Reviews for the new product are trending well on the positive side and Lululemon appears to have a rare winning omnichannel marketing vehicle to pin onto their main product lines. 

Clothing and marketing retailers, like Lululemon, wield a fine history of supply chain, retail, and e-commerce experience, but a device with this kind of technology introduces challenging privacy and security concerns for the consumer and the company. 

Can IoT Be Slowed? Should It? 

Once upon a time, distributed alternating current electricity was the next new thing. Electricity, lighting, and motors were added to every item available at the time. Therefore, people no longer had to crank record players, grind coffee beans by hand, or shine shoes with a pile of rags. What it meant to consumers was that convenience and functionality were clear winners. With IoT, we’re seeing a parallel application of the Web to real-world things, but with additional variables of security and privacy concerns. Consumers seem to be unable to resist these features, and the ecosystem continues its stratospheric growth. 

What many consumers don’t seem to realize is that consumer products companies are in the business of selling the products they make. They are not in the business of securing our information. If history is any indication, they have failed at protecting personal information as their products connect to billions of endpoints in your kitchen, your garage, your bedroom, and every place you live your life. 

Considering factors such as the growth of the market, continual cybersecurity threats, and financial motivations driven by successful compromises, we can expect to see more information losses, even in places thought to be safe. Worse, threats once affected only digital things, but IoT drops the cyber realm directly in the middle of our physical world. Attacks against data can be attacks against critical systems, human beings, resources, and the world around us. 

Even the smallest bits of leaked data can be enough to compose purpose-built phishing attacks or be stacked into significant waves of fraud. Unfortunately, it will take an unknown event of significant scale or personal financial impact for users to collectively wise up and demand more security from the market. 

The Need for Strict Security and Privacy Standards

Proper use of privacy settings, privacy protocols, and comprehensive security tools are an absolute necessity. Companies must be held accountable when there are significant variances, misuse of data or violations of trust. Privacy regulations in Europe, California, and Texas have done their share to elevate the element of privacy to the forefront of discussion, but it may not be enough. Certain compliance measures also demand the ability for individuals to select their privacy settings of choice. 

Protection is Comprehensive 

Companies and individuals should embrace a security-first strategy that prevents unauthorized access by enabling a comprehensive security and compliance approach to technology implementations. Outlined by outside and organization-driven compliance, an organization can achieve compliant comprehensive security with the tooling of: 

  • Strong authentication 
  •  Strong privacy rules 
  •  Third-party monitoring and validation 
  • End-to-end encryption from the user device down to the database, application, and systems 
  • Roles-based access to data and systems 
  • Data classifications 

 This is a list that goes on and on, tracking highly to the mission, capabilities, and parameters of each organization that ventures into comprehensive security. 

Proactively Protect 

Don’t let these risks make you cross the latest smart devices off your wish list— work with experts to learn how to always be proactive when it comes to protecting your data. Practicing good cybersecurity hygiene isn’t just a priority for the holidays – schedule a Security Assessment any time of the year to strength your security posture (but don’t wait til it’s too late!)

 

A Happy Labor Day Message from Ntirety CEO

A Happy Labor Day Message from Ntirety CEO

I hope every one of our clients, partners, and team members had a safe and happy holiday weekend.

I encourage we all pause for a moment to be grateful and reflect on what our labor and hard work mean to Ntirety, clients, and partners this past year. This summer, some of us have had a chance to get away from work, away from video conferences, away from the news, and spend meaningful time with our extended families and friends for the first time in a year. Let’s be thankful for all that has gone right for our teams and our community in the past year.

I personally reflected this past Labor Day on the tremendous progress we have all made as a company and a Compliant Security partner in one year. To me, it was a day where I get to express my sincere gratitude for each of our team members’ very hard work that got us where we are and the growth and transformation throughout the company. That brings warmth to my heart.

So Labor Day and beyond, let’s give thanks, let’s be grateful for what we’ve got and where we are going together – teams, clients, partners, and community.

Emil Sayegh
Ntirety CEO