It’s the final week of Cyber Security Month and we have a bit of a case study – a security nightmare of biblical proportions, if you will – to perfectly highlight why it’s so important to have good security practices. At the end of last week lots of high-profile websites were knocked offline because of a hack, and it’s something that we all have to take responsibility for.
First up, what is the Internet of Things?
The ‘Internet of Things’ (IoT) is basically all of the things that can connect to the internet. While I’m aware I just repeated the name in a different way, it’s literally that: anything that collects data, is embedded with a sensor or has internet capabilities, from your webcam to your smart thermostat that knows when your house temperature needs adjusting, to your wearables.
Research giant Gartner has predicted that by 2020 there are going to be over 26 billion connected devices, and it’s going to be pretty awesome; start looking out for smart fridges that will order your milk when you run out, smart highways that will let work know when you’re stuck in traffic, or alarm clocks that will turn your coffee machine on when you wake up.
The possibilities are endless, which means so are the possibilities for mischief, especially as IoT devices are often designed without security in mind.
So why’s this a thing right now?
Last Thursday some of the world’s biggest sites – including Twitter, Netflix, Reddit and the UK government site Gov.UK – were knocked offline by a series of DDoS (Distributed Denial of Service) attacks; a type of attack that floods a website with traffic from a network of bots, overloading its server and knocking it offline.
From the sounds of it, the botnet that did the attacking in this case was made up of insecure IoT devices, and sent traffic from tens of millions of IP addresses to the network of a company called Dyn, which deals with the web addresses of the affected firms; clearly, having one part of the chain affected had a mega knock-on effect.
Why does this matter to you?
First up, awareness. Companies must not build internet-connected things without security in mind, and you need to know that some of them are doing exactly that. It’s your data that’s going to get stolen, it’s your Friday evening that’s going to be ruined because you can’t watch the new season of Black Mirror on Netflix, and it’s you that’s got to demand that companies take security seriously. One weak link in the chain and the whole thing breaks.
Secondly, you can learn from the mistakes of others and apply those lessons to your own biz. Although this time around it was the megacorps that were targeted, evidence has shown time and again that it’s not just big names that are hit; smaller companies are hit too, and they often aren’t prepared or even aware.
Lots of businesses will have attackers lurking in their system for months or even years, stealing their data, and they don’t even realise. It’s not possible to completely prevent an attack but having things like DDoS protection in place helps protect you as much as possible, so make sure you ask your hosting provider about their security services.
Finally, and as always, employ good security from the ground up. Many IoT companies don’t, and in this day and age it’s inexcusable. From long, unique passwords to internal system monitoring, penetration testing and vulnerability scanning, it will all help to make sure that your name is only in the headlines for the right reasons.
Educate yourself, educate your team and if you’re ever in doubt ask an expert, because cyber security is for life, not just for October.
For more information on how UKFast can help you protect yourself take a look at our security solutions web page.