Intelligent CISO Issue 01 | Page 50

IT professionals ... will now be expected to become experts in smart lighting, heating and air conditioning systems.

Increase in DDoS attacks
DDoS (Distributed Denial of Service) attacks are on the rise. In the UK alone, 41% of organisations say they have experienced a DDoS attack.
IoT devices are a perfect vehicle for criminals to use to access a company’s network. In fact, 2016’s high-profile Mirai attack used IoT devices to mount wide-scale DDoS attacks that disrupted Internet service for more than 900,000 Deutsche Telekom customers in Germany and infected almost 2,400 TalkTalk routers in the UK.
Ransomware attacks
Elsewhere, there has been an almost 2000% jump in ransomware detections since 2015. Ransomware became a public talking point in 2017 when WannaCry targeted more than 200,000 computers across 150 countries, with damages ranging from hundreds of millions to billions of dollars.
While most ransomware attacks currently infiltrate an organisation via email, IoT presents a new delivery system for both mass and targeted attacks.
Consider the potentially life-threatening impact of ransomware on smart devices within critical applications; the ability of criminals to shut down critical business and logistics systems has already been repeatedly demonstrated. So perhaps it is unsurprising that a 2017 survey found that almost half of small businesses questioned would pay a ransom on IoT devices to reclaim their data.
Increasing intensity and sophistication of attacks
The sophistication of attacks targeting organisations is accelerating at an unprecedented rate, with criminals leveraging the significantly expanded and expanding attack surface created by IoT for new disruptive opportunities.
According to Fortinet’s latest Quarterly Threat Landscape report, three of the top 20 attacks identified in Q4 2017 were IoT botnets. But it says unlike previous attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime target multiple vulnerabilities simultaneously, which is much harder to combat.
Wi-Fi cameras were targeted by criminals with more than four times the number of exploit attempts detected over Q3 2017. The challenge is that none of these detections is associated with a known security threat, which Fortinet describes as “one of the more troubling aspects of the myriad of vulnerable devices that make up the IoT.”
The effects of an attack
The aftermath of a cyberattack can be devastating for any company, leading to huge financial losses, compounded by regulatory fines for data breaches and plummeting market share or job losses. At best, a company could suffer irreparable reputational damage and loss of customer loyalty.
On top of that, IoT devices have the potential to create organisational and infrastructure risks, and even pose a threat to human life, if they are attacked. We have already seen the impact of nation-state attack tools being used as nation-state weapons, then getting out and being used in commercial criminal activity. While the core focus is on defending critical infrastructure, and that is still far behind the curve, weak business infrastructure is a much softer target.
Profit over security
It’s crazy to think that devices with the potential to enable so much damage to homes, businesses and even entire cities often lack basic security design, implementation and testing. In the main this is because device manufacturers are pushing through their products to get them to market as quickly as possible, to cash in on the current buzz around IoT.
Lawrence Munro, Vice President SpiderLabs at Trustwave, said: “We are seeing a lack of familiarity with secure coding concepts resulting in vulnerabilities, some of them a decade old, incorporated into final designs.”