Can we secure the IoT to prevent another cyber attack?
A large part of America and Europe found that they couldn’t access some of the biggest sites like Netflix, Twitter, Amazon, the New York Times, Etsy and Github among others, following a massive DDoS attack that took down the DNS service provider Dyn. Although the cyber attack was soon mitigated, it raised lot of questions and concerns about the overall security of online infrastructure and the internet. Now, when the world is at the zenith of digital transformation and the Internet of Things (IoT), what could this mean if there are going to be thousands of easily-hackable devices in the open?
The hackers used a new weapon called the Mirai botnet to carry out one of the largest cyber attacks ever. Dyn estimates that the attack involved about 100,000 malicious endpoints and the strength of the attack was about 1.2 terabytes per second. Explaining how the attackers were able to bring the internet to a standstill by using a single DNS service provider, Network World said that “tens of millions of internet-connected devices of IoT were used”, most of which were mundane items like DVRs and security cameras.
The weakness of such devices, the report said, is that they use default or guessable passwords, always stay online and do not have much security. The attack was mitigated, but there is no guarantee that it cannot happen again, this time possibly at a larger scale. So the real question is: can we protect these devices collectively called the IoT, and prevent such attacks in the future?
Why we should be worried
An IoT device could be anything, right from a small chip to a huge machine that allows users to control or take specific data from the device. As more and more devices are getting smarter these days, we are paying lesser attention to whether they are secure and free from malware. These devices can be manipulated or compromised with from any part of the world.
According to a report published in Business Insider Intelligence, enterprise IoT is the biggest market of smart devices. The enterprise sector, will account for 39 percent of the 23 billion active IoT devices that is expected to be in use by 2019. The scale is just getting bigger with the spending on enterprise IoT products estimated to reach $255 billion by 2019, a compound annual growth rate of about 40 percent. According to a Forbes article, there are half a million Mirai botnets already running worldwide and hackers trade in them now, with about 100,000 of these ‘problem’ bots being sold for less than $8000. This means there is reason to be worried about these attacks.
How can we beef up security?
Some people are of the opinion that the government should have some sort of regulatory policy for the internet and IoT devices. At present, there are some existing guidelines laid out by the government and the Department of Defence over what devices can be used from home.
Here’s what you can do to keep your devices secure before yet another cyberattack:
Keep your devices updated: Keep your IoT devices patched as soon as security updates are issued. It is harder to break into a system which has no pending updates or unused operating systems.
Do not stick to default passwords: Most often, we are too lazy to change our passwords and just keep using the default passwords that come with the device. It is always easier to manipulate a device which mostly has a 0000, 1111 or 1234 password. So change your password into a tougher one which will be harder to crack.
Scout your own network for malware: Keep an eye on your devices and use programs/services like Nmap to probe into your network’s security. The idea is to beat the crooks to finding a loophole in your device network and this will also help you have a better understanding to prevent an attack.
Building a cognitive firewall: From the business point of view, it is good to invest in a cognitive firewall, which means the security controls are all in the cloud now, instead of one single device. Check if your device allows outsiders or non-members to login on their own and if so, close that option down as well.
Use more than one DNS service provider: During the crackdown, many big businesses found that their websites crashed or were inaccessible. To avoid this, they could use multiple DNS providers and have a detailed plan on how to mitigate such an attack. The plan should be comprehensive and should have details about whom to call or what to do in case of an attack.
Instead of seeing this situation as a negative, damaging aspect of our hyper-connected future, it is better to look at it as a warning signal to better our security measures and establish a standard for our IoT devices. Keeping out devices and data is a shared responsibility of all the parties–the government, businesses and individuals–who use or benefit from IoT devices. So it is important that each of these groups play their own parts and also work together to ensure that we are ready to prevent such an attack from happening again.
Do send your feedback to firstname.lastname@example.org
Our related posts