Cyber Security hem yog ib qho kev txhawj xeeb ntxiv rau cov tuam txhab muag khoom vim lawv tau txais kev txheeb xyuas tus kheej los ntawm Apple, Google Pay lossis lwm lub platform them nyiaj. Txij li xyoo 2005, cov khw muag khoom tau pom dua 10,000 cov ntaub ntawv ua txhaum cai, feem ntau yog vim qhov tsis zoo thiab qhov tsis zoo hauv kev them nyiaj.
Point of sale (POS) systems feem ntau siv ntau yam khoom siv sab nraud, software, thiab cov khoom siv huab cua.
"Qhov tsawg kawg nkaus, cov khw muag khoom yuav tsum xyuas kom meej tias lawv cov neeg cog lus ua raws li lawv thiab yuav ua raws li cov cai tswj hwm kev nyab xeeb tib yam uas lub tuam txhab nws tus kheej muaj. Muaj ntau lub cib fim rau tus neeg ua txhaum cai cybercriminal los ua kom zoo dua ntawm lub kaw lus, txawm tias qhov no yog nyob ntawm qhov chaw ntawm tus neeg muag khoom muab cov kev daws teeb meem lossis thaum siv thev naus laus zis los ntawm qhov chaw. Kev siv qhov tsis zoo hauv cov software siv ntawm POS cov khoom siv (lossis txawm nyob rau hauv cov kev pabcuam huab rov qab) tuaj yeem tso cai rau cybercriminal xa malware ntawm POS ntaus ntawv. Qhov no yuav ua rau lawv khaws cov ntaub ntawv nyiaj txiag ntxiv, ua rau muaj kev tawm tsam malware xws li ransomware lossis siv lub cuab yeej txuas mus rau lwm lub tshuab sab hauv, "said Chief Security Evangelist, Tony Anscombe los ntawm ESET.
Cyber kev tawm tsam 'kev cuam tshuam rau cov khw muag khoom yuav suav nrog kev nplua hnyav, kev nplua, cov ntaub ntawv poob, kev poob nyiaj txiag, thiab kev puas tsuaj rau lub koob npe nrov.
Tseem muaj Kev nyab xeeb kev hem thawj uas cov neeg siv ntsib thaum siv cov khoom siv IoT hauv khw muag khoom. Ntau tshaj 84 feem pua ntawm cov koom haum siv IoT pab kiag li lawm. Txawm li cas los xij, tsawg dua 50% tau ntsuas kev ruaj ntseg tiv thaiv kev tawm tsam cyber. Piv txwv li, feem ntau cov koom haum siv tib lo lus zais rau lub sijhawm ntev, uas ua rau muaj kev tawm tsam brute quab yuam, ua rau hackers nyiag thiab tswj cov ntaub ntawv.
Cov cuab yeej IoT tuaj yeem siv los taug qab cov neeg siv khoom txav thiab yuav cov keeb kwm, thiab cov neeg nyiag khoom tuaj yeem nkag mus rau cov ntaub ntawv no. Tsis tas li ntawd, cov neeg siv khoom tuaj yeem muaj kev pheej hmoo ntawm kev dag ntxias thaum siv cov kev them nyiaj xws li Apple Pay. Cov kev dag ntxias no tuaj yeem siv ntau hom, xws li cov apps cuav uas nyiag cov ntaub ntawv tus kheej lossis cov vev xaib uas dag cov neeg siv khoom nkag mus rau lawv cov ntaub ntawv credit card.
"Kev taw qhia txog cov txheej txheem them nyiaj tshiab no qhia txog qhov pib ntawm kev siv tshuab tshiab. Los ntawm kev saib xyuas kev ruaj ntseg, qhov no yog thaum tej yam uas feem ntau yog qhov yooj yim tshaj plaws. Dab tsi ntxiv, cov khoom siv txuas nrog uas tsav qhov kev hloov pauv no twb tau suav hais tias yog qhov txuas tsis muaj zog tshaj plaws hauv lwm qhov kev xa tawm ntau dua. Kuv ntseeg tias hauv khw muag khoom, ib yam li hauv lwm qhov kev lag luam, peb yuav pom cov cuab yeej no tau siv los ua kom muaj kev sib txuas hauv network, nthuav tawm cov ntaub ntawv rhiab, khiav cov kev dag ntxias digital, thiab ntau dua. Thiab txawm hais tias cov cuab yeej tshiab muaj kev nyab xeeb rau lawv tus kheej - thiab qhov no yog qhov loj IF - lawv tseem tab tom nkag mus rau hauv ib puag ncig uas muaj tag nrho nrog cov cuab yeej cuab tam IoT, uas tuaj yeem siv los hla lawv tus kheej tiv thaiv. Saib ntawm tej yam ntawm cov neeg ua yeeb yam tsis zoo, qhov peb muaj ntawm no yog qhov nthuav dav ntawm qhov chaw tawm tsam - ib qho uas ntxiv ntau yam tshiab "muaj txiaj ntsig" rau qhov uas twb yog lub hom phiaj nplua nuj, "said Natali Tshuva, tus CEO thiab cofounder ntawm Sternum, tus lej-dawb, ntaus ntawv-neeg nyob hauv IoT kev ruaj ntseg, kev soj ntsuam, thiab lub tuam txhab tshuaj ntsuam xyuas.
Txhua lub cuab yeej IoT muaj nws tus kheej cov khoom siv software hauv. Qhov no yog vim hais tias cov cai uas khiav cov cuab yeej ua tau yog ib qho kev sib txuas ntawm ntau qhov chaw kaw thiab qhib qhov project. Raws li xws li ib qho kev hem thawj tam sim no yog qhov nthuav tawm ntawm cov neeg siv khoom rhiab lossis cov ntaub ntawv tus kheej nrog kev dag ntxias cyber. "Qhov no txawv ntawm lwm qhov kev dag ntxias digital, zoo li phishing thiab lwm yam kev lag luam kev sib raug zoo," said Tshuva.
"Ntawm no lub hom phiaj yuav tsis muaj kev xaiv los tiv thaiv kev tawm tsam los ntawm kev ceev faj lossis txawm tias xav tias muaj qee yam tshwm sim - yeej tsis yog txog thaum nws lig dhau lawm."
"Peb nyob ib puag ncig peb tus kheej nrog cov khoom siv sib txuas, tab sis lawv yog 'lub thawv dub' rau peb thiab peb yeej tsis paub tiag tiag - lossis muaj txoj hauv kev paub - dab tsi tshwm sim hauv sab hauv."
Raws li Tshuva, feem ntau IoT cov khoom siv niaj hnub no twb tau khiav ntawm cov lej los ntawm ob peb (tej zaum ob peb lub kaum os) cov chaw muab software sib txawv, qee tus uas koj tsis tau hnov txog. Feem ntau, cov 3rd-tog cov khoom no yog cov saib xyuas kev sib txuas lus, kev sib txuas, thiab lwm yam kev ua haujlwm. Thiab txawm tias lub operating system tuaj yeem yog qhov sib xyaw ntawm ntau qhov sib txawv OSs ci ua ke ".
"Qhov no nthuav tawm ib qho kev sib tw loj ntawm IoT kev ruaj ntseg uas, dua, rov qab mus rau lub tswv yim ntawm kev nthuav dav qhov chaw nres. Vim hais tias nrog txhua lub cuab yeej koj qhia rau lub kaw lus, qhov koj tab tom ntxiv yog cov cai tswj hwm los ntawm ntau tus neeg muab kev pabcuam software, txhua tus muaj nws tus kheej qhov tsis zoo los nchuav rau hauv kev sib xyaw, "Tshuva xaus lus.
Cov khw muag khoom yuav tsum tau ua ntau kauj ruam txhawm rau tiv thaiv lawv tus kheej thiab lawv cov neeg siv khoom los ntawm cyber security hem. Lawv yuav tsum xyuas kom meej tias lawv cov tshuab tau hloov kho tshiab nrog kev ruaj ntseg thaj ua rau thaj tshiab, thiab lawv yuav tsum muaj cov phiaj xwm kev ruaj ntseg zoo nyob rau hauv qhov chaw. Cov neeg ua haujlwm yuav tsum raug cob qhia txog kev txheeb xyuas thiab teb cov kev hem thawj ntawm kev nyab xeeb, thiab cov neeg siv khoom yuav tsum paub txog qhov txaus ntshai ntawm kev siv IoT cov khoom siv hauv khw muag khoom.
"Raws li cov khw muag khoom siv IoT rau qhov chaw soj ntsuam ntawm lawv cov neeg siv khoom, lawv tsim cov ntaub ntawv nplua nuj txog kev txav mus los thiab kev yuav khoom ntawm cov neeg siv khoom. Cov ntaub ntawv no tsim cov ntaub ntawv taug kev uas yuav tsum tau ua tib zoo saib xyuas vim tias kev yuav cov ntaub ntawv ua ke nrog kev txav tuaj yeem nthuav tawm tus cwj pwm ntiag tug heev. Peb tau pom ntau lub hom phiaj kev tawm tsam ntawm cov khw muag khoom ntawm lub sijhawm ntawm kev yuav khoom thiab, yog tias qhov no tuaj yeem ua ke nrog txoj hauv kev uas cov neeg siv khoom siv los ntawm lub khw, khw, lossis txawm nyob thoob plaws nroog thiab sab av loj, cov neeg siv khoom yuav muaj zog rov qab los rau kev puas tsuaj. Cov khw muag khoom muag, "said Sean O'Brien, tus tsim ntawm Yale Privacy Lab.
Txhawm rau nkag siab txog cov kev hem thawj, cov koom haum yuav tsum nkag siab tias kev siv cov kev daws teeb meem digital los ntawm cov khw muag khoom lag luam txhais tau tias siv cov kev daws teeb meem los ntawm software thiab nce qhov chaw nres rau cybercriminals.
"Dab tsi uas tau siv los ua cov ntawv sau nyiaj ntsuab tam sim no yog "ntse" qhov muag uas ua haujlwm thiab sau cov ntaub ntawv them nyiaj rau cov neeg siv khoom, ua rau lawv xav tau lub hom phiaj. Cov tshuab no nquag txuas nrog kev lag luam e-lag luam ntau dua li cov khw hauv online / nqi / cov khoom muag, thiab lwm yam, uas yuav ua rau lawv nkag mus rau cov tshuab tseem ceeb dua. Ua raws li cov kev daws teeb meem ntse, cov lag luam muag khoom kuj pom lawv tus kheej raug rau ransomware thiab tsis kam lees txais kev pab cuam tawm tsam uas thaiv lawv lub peev xwm ua lag luam. Tsis tas li ntawd, cov khoom siv PoS, ua cov khoos phis tawj me me, tuaj yeem siv hauv kev tawm tsam botnet loj, "said Maty Siman, CTO thiab tus tsim ntawm Checkmarx.
Cov tuam txhab lag luam e-lag luam siv ntau tus neeg muag khoom sib txawv rau lawv cov txheej txheem. Los ntawm kev kho vajtse thiab software mus rau kev ua haujlwm thiab kev pabcuam nyiaj txiag, txhua tus neeg muag khoom siv ntau cov software thib peb thiab cov khoom siv uas, dhau los, kuj yog nyob ntawm cov khoom thib peb.
"Yog tias tus neeg ua phem ua phem tuaj yeem siv lossis qhia "rov qab" rau ib qho kev cuam tshuam ntawm txoj kev, lawv tseem ceeb tau nkag mus rau cov kev daws teeb meem uas tuaj yeem pom tom qab hauv khw muag khoom lag luam. Thaum txhua yam tso siab rau software niaj hnub no, kev cia siab rau qhov qhib software ua rau cov teeb meem no hnyav dua, "Siman hais.
Raws li Siman, kev kawm ntawm cov neeg ua haujlwm ntawm kev coj noj coj ua zoo tshaj plaws yog qhov tseem ceeb. "Cov ntaub ntawv yuav tsum tau rov qab tsis tu ncua, thiab cov neeg siv khoom muag yuav tsum siv cov passwords muaj zog thiab MFA. Lub network siv rau kev lag luam yuav tsum raug cais tawm ntawm lwm lub network, thiab cov khoom siv thiab lawv cov software yuav tsum tau hloov kho tsis tu ncua thiab patched. "
Tib neeg tseem yog qhov kev hem thawj tshaj plaws, hais tias Sean Tufts, IoT / OT tus thawj coj kev nyab xeeb ntawm Optiv. "Muaj tsawg tus neeg ua haujlwm lossis kev sib tham tim ntsej tim muag ntawm qhov muag thiab / lossis kev kuaj xyuas ua rau muaj kev nyiag lub cev ntau dua, tab sis nws kuj tseem qhib cov khw muag khoom no kom muaj kev cuam tshuam ntau ntxiv los ntawm cov neeg ua yeeb yam muaj kev hem thawj tab tom nrhiav kom tau txais txiaj ntsig ntawm lub khw muag khoom. ntseeg. Qhov ntau cov tshuab no tau tso tseg tsis muaj neeg saib xyuas, ntau qhov sib cuam tshuam tuaj yeem ua tau thiab yuav raug tswj xyuas, xws li skimmers ntsia thiab cov chaw nres nkoj nkag. "
Tau qhov twg los: https://www.forbes.com/sites/dennismitzner/2022/09/14/self-checkouts-iot-and-the-rise-of-retail-cyber-security-threats/