The 3rd Annual Internet of Things Cybersecurity Conference, Secure IoT 2019, will be held at the Green Park Conference Centre, 100 Longwater Avenue, Green Park, Reading, Berkshire, RG2 6GP, on Thursday, 7th November.
The risk and damage to an organisation or individual in terms of reputation, costs, health & safety due to poor security practice can be considerable, as is illustrated in the timeline below.
The objective of the conference is for attendees to:
- Learn about the potential risks and vulnerabilities associated with IoT systems and connected devices
- Gain an understanding of IoT security best practice and guidelines
- Hear from leading experts and organisations providing guidance and best practice
- Meet companies offering security products, solutions and services
To book tickets:
- Amazon Web Services
- Department for Digital, Culture, Media and Sport
- Device Authority
- IoT Security Foundation
- NCC Group
- Pen Test Partners
For more information visit:
We are seeing an ever-increasing number and sophistication of cyber-attacks on systems and products that are using connected IoT devices. These attacks are being instigated by different types of actors including: criminals; states and state-sponsored; issue-orientated hacktivists (malicious insiders pose the greatest threat) and ‘script kiddies’.
In May 2018, the General Data Protection Regulation (EU) 2016/679 (GDPR) became enforceable. GDPR covers “security by design” in hardware and software. Data controllers are obliged to consider “data protection by design and by default”.
Organisations using insecure hardware could face action under GDPR should the firmware of IoT devices prove insecure and contribute to a spillage of personal data. In other words, the risk arises from not checking that hardware is secure before procuring it, not configuring it securely (for example, not changing bad default passwords) and not expeditiously patching vulnerabilities in firmware (and other software) used to process personal data.
- 2014 – A hack attack caused massive damage at a German steel plant.
- 2015 – A cyber-attack on Ukrainian electricity distribution companies caused a major power outage, with disruption to over 50 substations. Fiat Chrysler had to recall 1.4 million cars in the US after security researchers showed that one of its cars could be hacked.
- 2016 – Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water. A massive Internet Distributed Denial of Service attack, which caused outages for many websites (including Twitter, Amazon, Spotify and Netflix), was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV digital video recorders.
- 2017 – The NHS was hit by a massive ransomware attack. Research by Trend Micro revealed that 83,000 industrial robots are ‘exposed’ to the public-facing internet, of which thousands are not protected with authentication. A Freedom of Information request revealed that a third of national critical infrastructure organisations had not met basic cybersecurity standards issued by the UK government. The US Food & Drug Administration issued a letter calling for the voluntary recall of some 465,000 Abbott (formerly St. Jude Medical) pacemakers to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.
- 2018 – Avast’s threat labs team discovered a new malware strain (codenamed Torii) that is building “the most sophisticated botnet ever seen” and is targeting IoT devices. In addition to sharing information regarding infected devices, the malware’s communication with the Command and Control Server allows its authors to execute any code or deliver any payload to an infected device. Radware Threat Research Center identified a hijacking campaign aimed at Brazilian bank customers through their IoT devices, attempting to gain their bank credentials. SEC Consult researchers issued a warning about critical vulnerabilities that leave 9 million Xiongmai cameras and DVRs wide open to attack. Scientists at the Ruhr-Universitaet in Bochum, Germany, discovered a way to hide inaudible commands in audio files – commands that, while imperceptible to our ears, can take control over voice assistants like Alexa, Siri, or Cortana.