How Dark Cubed Sounded the Alarm About IoT Security Concerns

We’re in the Business of Monitoring for Threats

Every once in a while, during the normal course of taking care of business, something gives you pause. You’re moving at the usual fast pace, managing clients, monitoring their networks and solutions, and suddenly a little snippet of information, or the pattern of a data set, hits you between the eyes. You’ve got to stop and investigate it further, and when you do, you realize that it’s something that you need to share with a community of like-minded individuals. That was the case with the Dark Cubed team this summer.

The Internet of Insecure Things

We began a research project using our cyber threat detection capabilities to explore the behavior of several off-the-shelf “smart home” devices: smart light bulbs, security cameras, and smart electrical outlets. Given the growth in the numbers of these things being deployed by consumers in their homes across the US and around the world, we wanted to explore how much attention has been given to the security of these Internet of Things (IoT) devices by their designers, their manufacturers, and the retailers sourcing them and selling them online or in their stores. We’ve all seen the stories about how these devices can be hacked, but our research wasn’t about that. Dark Cubed wanted to dig into what these things do, and to whom they are communicating, during their standard, uninterrupted operations.

What we found was shocking. It is painfully clear that for a number of these devices, zero consideration has been given to security. Even worse, the retailers have obviously done zero due diligence into the security of these devices. Most of these devices are sending way too much information to China, and we thought people should know about this. We decided to spread the word to the audiences who should care: security experts, device manufacturers, retailers, and the consumers themselves should they be so dispositioned to think about these things (hint: they should!). Dark Cubed’s summary and extensive technical volume are at your disposal if you would like to explore them.

Getting the Word Out

Once we completed our papers, the Dark Cubed team wanted to spread the word as quickly and efficiently as possible. Working with our Katzcy partners, we rapidly embarked on a two-week awareness-generation plan, drawing on a key set of marketing automation and networking capabilities. We chose:

• SharpSpring to create a central hub to monitor and track audience communications across all channels and to observe and respond to their engagement.
• Initial outbound campaigns through the web and broadcast media, with messages positioned at selected audiences of interest including the cybersecurity community and the retailer and investor community.
• Social media campaigns incorporating both a broadcast strategy and an engagement strategy to add the Dark Cubed voice to IoT security conversations that were underway on Twitter, Facebook, and LinkedIn.
• Targeted customer journeys for those who downloaded the initial overview paper, guiding them to more information based on their self-selected persona (media, tech geek, cybersecurity expert, etc.).
• Live BrightTALK webcast to present technical findings to a large audience all at once.

Measuring the Results

One benefit of using marketing automation is the ability to monitor the performance metrics of all campaigns so that we can plan better and be more effective the next time. The Dark Cubed team was thrilled with the results that we achieved:

• 54% increase in traffic to our website
• >4000% spike in registered leads over our monthly average
• >120,000 social media impressions through direct followers and re-posts
• Ongoing engagement with the webcast recording with 2x post-broadcast viewers compared to live viewers

We did good work exploring the security of IoT devices, and we wanted to let people know. Our results with Katzcy demonstrated that you can make a big impact in having your voice heard in a short period of time with focused effort.

About the Author:

Vince Crisler is a proven cybersecurity and IT strategy leader with deep experience in private-sector and federal government environments. As the CEO of Dark Cubed, Vince offers technical, operational and strategic expertise to CEOs, CIOs and executive teams for companies of all sizes, as well as critical leadership in developing leading-edge products for threat detection and management. Vince also has extensive experience supporting the Department of Homeland Security on the development and implementation of cyber security technologies to protect Government and Private Sector critical infrastructures.