Experts spread awareness of cyber security threats that may be inside your home

HUNTSVILLE, Al. -- Cyber security is front and center in Huntsville this week at the National Cyber Summit.

Speakers are talking about everything from information security operations, to infrastructure security, when addressing cyber threats.

They say it is about protecting more than just the internet as non-cyber professionals know it.

"Most people, when they think of the internet, they think Google. They think Facebook. They think Reddit. And that is the way they interact with it," explained John Matherly, founder of Shodan.

He said websites are only part of the internet. His company, Shodan, deals with the internet as a whole. It is a company that specializes in identifying all the devices connected to the internet. It explores the "internet of things."

"If you know how to look, you are actually able to identify a lot under the surface," he said. "A large part of the infrastructure, many devices, are internet accessible," he said, "and that is dangerous."

Matherly said industrial control systems, which are part of a place's infrastructure, can be on the internet. He can find 100,000 of them, 50,000 of which are in the US.

"There are factories. We have even found nuclear power plants that are directly connected to the internet," he explained. "If you put them on the internet without any antivirus or any software protections, they are just easy pickings."

He means they are easy pickings for hackers.

But something else may be easy for hackers to get into, and you might have these in your home: smart devices.

"These devices are not very secure by default," Matherly noted. "Because they are like any other computer, they can be maliciously attacked, taken over, and used to attack other things. It is a giant liability for the entire internet to have these smart devices insecure," he warned.

Matherly said this is happening.

"The security community was worried about this problem for years. Last year there was an attack using these devices and it took down a lot of big websites. Finally, some of the companies realized this is an actual threat," he said. "But now we know it is a real threat, and that sort of power can be used against anybody."

While it may be your instinct to find a patch or something to help keep your devices secure, Matherly said manufacturers aren't as quick to care too much about security. He recommends shopping for a product from a vendor that makes it a point to be secure.

But mostly, he said this is a problem that needs to be fixed from the top down.

"A lot of these things really have to be handled at the higher level, like policy decisions," he explained. "It is not an easy problem."

Matherly also spoke at the summit about ransomware. We have already seen this become a major issue worldwide, with ransomware like WannaCry.

But these threats are evolving, and that makes this even more difficult to combat.

"These are professional outfits. This is not one guy working out of a basement," noted Matherly. "We have seen it turn into a real business. These are people that will control your computer, encrypt all the data, and if you don't pay them you won't get your data back... They are bad guys, but they are businesses and they operate like businesses. It is interesting to see this development."

Matherly said as technology develops and becomes more available, the communities and sectors need to work together to make progress in security. Communication to make everyone aware is key.

"It is a giant community-building effort. It is not just about protecting your own devices, it is about making sure your neighbor's devices are also protected," he said.