The Internet of Things (IoT) is full of promise. It’s also full of danger. Small, network-capable devices, individually harmless-looking, have grown into a huge security threat. They were a large part of the reason the Internet went bad on October 21.
They’ve escalated a familiar type of attack into one of the biggest dangers on today’s Internet: The distributed denial-of-service (DDoS) attack. It doesn’t aim at stealing or damaging data, but at preventing access for hours.
Traditional forms of security, such as anti-malware software and firewalls, aren’t enough to stop DDoS attacks. They’re still valuable, but they can’t help against incoming data that wreaks havoc through sheer volume. Nor can they stop threats that sneak their way in using an employee’s credentials.
You need to take additional measures to keep DDoS attacks and other stealth threats from succeeding, and you need new contingency measures when they do succeed.
October 21 DDoS Attack
Twitter, Spotify, the New York Times and other major sites became unreachable for hours on October 21. One of the biggest DDoS attacks in history was to blame. The target was Dyn, the sites’ domain name services provider.
Dyn translates domain names into IP addresses so that browsers and applications can reach the right servers. Overwhelmed by spurious translation requests, Dyn couldn’t keep up with legitimate ones.
The power behind the attack was a piece of malware called Mirai. It linked together millions of common, poorly-secured IoT devices to bombard Dyn with requests to look up fake domains — the majority of which were networked DVRs. Many were operated with easy-to-guess default passwords.
Costs of DDoS
As DDoS attacks grow in power, they impose increasing costs on affected sites. Big sites are preferred targets, but organizations of all sizes get hit. A report by the Ponemon Institute found that the average cost of a data center outage in 2016 was $9,000 a minute, up 38% from 2010. Crime is the fastest growing cause.
Costs can include:
Loss of business during the outage
Loss of customer trust
Malware removal
Data theft
Intellectual property loss
Taking defensive measures
Security threats play on vulnerabilities. Old software has known vulnerabilities, and criminals know that a lot of machines have vulnerabilities. System software, applications and security software all need to stay up to date to provide the best protection.
Zero-day attacks that exploit new weaknesses can beat even the best software protection, so your organization needs an incident response plan as a central part of a security strategy. If something does go wrong, quick mitigation can reduce its cost.
With new and bigger risks constantly appearing on the Internet, your business can’t afford to neglect securing servers, including backing them up and making copies of backups.
It takes time, effort and expertise to stay current. Trying to go it alone is difficult. Working with a managed security services frees you to focus on what you do best and can be considerably less costly than a cyber attack. Contact neteffect at 704-688-7170 to learn more.