THE HERO of THE STORY:
The Wealth Manager
- Known associate of venture capital firm
- 12 home security cameras were vulnerable
- Any threat actor could view camera feeds, access the connected home, and compromise the family and the company
The Problem
Associate’s home cameras were vulnerable.
- Onboarding penetration test found that 12 home security cameras at the executive’s home were exposed to the public internet
- Security review discovered a lack of authentication which allowed any individual to view camera feeds and configuration files
- Any opportunistic attacker can use scanning technologies to locate the publicly facing cameras and peer into the wealth manager’s private life.
- Should a bad actor get into the home automation system every device on the network was viewable, including corporate devices.
It’s almost impossible to know if a home security camera has been hacked – and what to do about it. Because of his unique profile with a financial firm, the executive and his company needed a way to detect risks, secure both the cameras and the home – in a frictionless way that didn’t interfere with digital experiences or privacy.
BlackCloak’s Guidance
After discovering that the associate’s home cameras were vulnerable, we provided a summary of the risks and recommended a comprehensive plan to mitigate them. Working alongside the client’s IT support team, an older router was exposed that was exposing multiple vulnerabilities to the internet. The router was replaced and we implemented proactive security measures to stop future attacks.
- Conducted a penetration test of the associate’s home network during onboarding.
- Provided a vulnerability report detailed risks, severity, and recommended mitigation.
- Communicated risk well within service level agreement (SLA)
- Provided direct support to firm’s IT support team to remediate issue before the associate’s home security and firm’s security postures could be compromised.
Putting the Plan into Action
The client purchased the BlackCloak’s Concierge Cybersecurity and Privacy™ solution to be proactive about their cybersecurity posture and better understand the areas in which they were at most risk. The plan included the spouse’s devices and footprint as well, to achieve comprehensive coverage.
The BlackCloak team worked with the associate’s personal IT team to remediate all risks. BlackCloak’s team ran additional tests after the IT team’s updates and identified new exposures, where then remediated. Re-testing after implementation is a crucial part of a holistic plan.
