Monetized Attacks Spur New Threats: Expert Security Steps to Counter Them

In a candid conversation, Ted Harrington, executive partner at Independent Security Evaluators (ISE), shares critical insights into how successful cyberattacks breed new threats and outlines concrete security measures to stop them.

Threat Modeling: Understanding Where the Real Risks Lie

Harrington explains that the “greatest threat” varies by organization. “Threat modelling is an exercise where you identify the assets you must protect, the adversaries you face, and the attack surfaces they will exploit,” he says. “What is critical for one company may be trivial for another.”

Data Leakage in Web Browsers: A Study’s Takeaway

In a recent ISE study, 21 high‑profile sites across finance, healthcare, insurance, and utilities—70 % of those tested—failed to prevent browsers from caching sensitive data on disk. This left unencrypted content on end‑user machines. Harrington notes, “The study shows that even well‑meaning developers can miss key attack vectors if they don’t understand how attackers break systems.”

He recommends:

• Executive Education – Providing decision‑makers with clear, actionable security insights.
• Exploit Demonstration – Turning abstract risks into tangible threats to counter cognitive biases.
• Empathy – Listening to developers and UX teams so security solutions fit real‑world workflows.

The Romantik Seehotel Attack: Lessons for Hospitality and Beyond

When hackers hijacked the hotel’s door‑locks and demanded $1,600 in Bitcoin, the owner paid to keep guests safe. Harrington lists three key lessons:

1. Adversaries Evolve – Ransomware’s new use—coercing payment by disrupting guest experience—shows attackers adapt quickly.
2. Success Breeds Copy‑cats – A profitable attack invites imitators; the hospitality sector must anticipate follow‑up threats.
3. Security Is Multifaceted – PCI compliance and PII protection alone cannot safeguard brand reputation, guest safety, or experience.

ISE’s Industry‑Wide Impact

Harrington has led the Door Lock Security Working Group for Hospitality Technology Next Generation, producing an abstracted threat model and best‑practice guidelines for RFID, online, and mobile lock systems. He is now co‑chairing the IoT Working Group with Interel to guide secure device adoption.

Healthcare: Protecting Patient Health, Not Just Data

While HIPAA drives data security, Harrington warns that hospitals often miss the bigger picture: patient health. A two‑year study with 12 hospitals uncovered that attackers could cause serious harm—or death—by compromising medical devices. “Protecting patient data alone is insufficient,” he says.

Top Three Actions for IoT Service Providers

Harrington stresses building security into every development stage, from requirements to post‑deployment. He recommends:

• Third‑party Security Assessments – Independent experts can uncover vulnerabilities your team may miss.
• Adopt an Adversarial Mindset – Move beyond automated scans and standard penetration tests; think like the attacker.

Ted Harrington, executive partner of Independent Security Evaluators, was interviewed by editorial director Jeremy Cowan.

---