The Internet of Things (IoT) revolution has connected individuals and organisations in ways no one ever thought possible, changing the way we spend our time and utilise resources. Further to this, the number of devices with IoT capabilities is also growing at an incredible rate with everything from photocopiers to refrigerators and even lightbulbs equipped with the ability to send and receive data.
With such rapid innovation and development there inevitably comes risk and vulnerabilities that nefarious minded hackers look to exploit. A common way this has happened via the IoT is through Distributed Denial of Service (DDoS) attacks. We thought we’d explore exactly how this has happened and what you can do to prevent this.
What is a DDoS attack?
If you’ve been fortunate enough not to have fallen victim (or be part of an organisation that has) to a cyber attack of this kind, you might not have a complete understanding of what it is.
A DDoS attack is one that does what it describes in that it disrupts the service of a target machine/device/server by flooding it with huge volumes of traffic. This will overload its target, rendering it unable to receive requests and traffic from legitimate sources who are genuinely trying to use its function/services.
The size of DDoS attacks vary widely but at their worst, they can result in terabytes per second of traffic being sent through like the famous GitHub attack in 2018 which peaked at 1.3 terabytes per second.
What are the consequences of a DDoS attack?
The consequences of a DDoS attack can go far beyond the initial denial of service making it one of the more dangerous forms of cyberattack.
If your service relies solely or heavily on the online platform being attacked, every minute it is unavailable is likely costing you potential revenue. This is especially relevant for eCommerce websites of which there are millions around the world. A DDoS attack can also disrupt productivity for websites that act as portals to online tools and utilities. Again, this will affect an organisation’s bottom line.
Confidential data loss is also a big risk when it comes to DDoS attacks which leads to costly data recovery procedures from cybersecurity and IT professionals. This theft of intellectual property, customer data, financial assets and resources is now almost synonymous with these incidents.
The reputational damage that’s inflicted on an organisation can also be crippling. The trust and assurance that gets broken, not just from existing customers and clients but prospective ones as well, is incredibly difficult to rebuild. It requires a huge amount of technical work but also an extensive PR and communications strategy as well.
How does DDoS use IoT technology?
As already discussed, the IoT revolution has made many aspects of our lives that much more organised and efficient but these advantages have also been manipulated by hackers.
One of the main reasons why hackers have been able to do this is because of the high volumes of IoT devices that have been released into the market that have not been adequately secured. Hackers run automated attacks seeking out such devices with firmware/patch/password vulnerabilities. They then take control of these to build a botnet, the key weapon used in a DDoS attack.
A botnet is essentially a network of private computers infected with malicious software so they can be controlled as a group by hackers to send traffic to a specified target. This is often without the knowledge and/or awareness of the owners of the devices being used. Traditionally this was limited to computers and sometimes tablets and smartphones but the number of devices with IoT capabilities, as already established, has increased enormously.
These automated attacks to build botnets aren’t limited by geographic boundaries either and when you think about this, in the context of the number of devices we’re already talking about, the potential size and scale of such botnets and their corresponding DDoS attacks is staggering.
How do you prevent a DDoS attack in the IoT world?
The question of prevention when it comes to DDoS attacks in the IoT world has been one of the most challenging in the world cybersecurity in recent times. In a perfect world, all products would be developed faultlessly from a security point of view and user behaviour would dictate that things like strong passwords, changed on a regular basis across all devices would be action across the board.
Promoting best practices about passwords etc is the first thing you can do to help prevent your own devices from being taken control of. Extending those messages to everyone in the rest of the world, however, is a lofty ambition too far to ever be achieved.
The next best thing you can do to prepare yourself and your organisation is to seek the services of cybersecurity specialists. The truth of the matter is the technical expertise required to ensure the best protection is applied goes beyond any that a layman can apply.
But even this isn’t a straightforward choice given the number of cybersecurity providers out there so the question then becomes where to start? The key success here is to have an idea of your needs and requirements given the relative size of your organisation and the dependence on its online platforms.
It’s then in your interests to ask a few questions of these providers in order to ascertain their suitability. These questions might include:
- What tools/services do they use to mitigate DDoS attacks?
- What are the limitations of these tools/services and their networks in order to handle sizeable DDoS attacks?
- How fast can they recognise and respond to DDoS attacks?
- Are those tools sector-specific? Are they particularly useful for eCommerce websites for example?
- Do they have experience with others in your sector due to the fact that hackers often run similar sorts of attacks on similar sites?
- What clients are they currently representing and how successful have they been in doing so?
- What is required from your organisation in terms of setup and how long will it take to fully implement?
These questions will give you a good base to initiate a conversation about your cybersecurity needs with specific respect to DDoS attacks from which you can plan to ensure your organisation is sufficiently protected.
The benefits of IoT can be enjoyed with DDoS protection
With the right systems, tools and processes in place, you can function effectively, reaping the benefits of the IoT, increasing connectivity within your own organisation and the outside world.