There has to be a certain level of paranoia in the security industry. It’s what we do, our job is to believe nothing and see gaping holes where others simply trust things are being looked after.
I was recently asked in a media interview about the risk around the ubiquity of cameras in IT and consumer electronics, and with the increased connectivity of these devices to the internet, the risk posed should they be exposed and exploited by a malicious threat.
My simple answer was sticky notes or insulation tape across the lens when not in use. When asked if this was something I had seen before, and indeed, whether my colleagues took similar precautions, I answered “of course”.
When the article was published, the journalist had engaged with a significant number of my peers, and unanimously the vote came back that we industry types are all are aware of the prospective risk and take similar steps to mitigate the threat. That is our collective paranoia.
The bottom line for CSOs and anyone down from them is to ensure that awareness is raised about the prospective threat (and enforce standard issue mitigation devices such as; sticky notes, cigarette papers, insulation tape, band-aids and so on) to staff whose devices have integrated cameras and secondly ensure that awareness is raised to ensure operating systems and applications are regularly patched, and that anti-malware suites are updated regularly with scans executed. Anything which seems suspicious in the in-box, or on the internet (drive by downloads) generally is.
While a physical measure can be implemented, there are far more serious threats from a Remote Access Trojan (RAT) if it manages to find its way onto a system than simply taking screen shots or video with the integrated camera, such as accessing network resources and the information contained, or accessing the microphone and recording all conversations in the vicinity. Vigilance is the key.
Paranoia is optional, and as seen by the response in the original article, it may be solely confined to the security industry itself. What do you do?