The Internet of Things and its implications on cyber security
In the last year, we’ve seen the use of Internet of Things (IoT) devices within the home and the workplace surge significantly.
On a typical day most devices we interact with, from our smart watches, to the office photocopier and printer, and even children’s toys, are connected to the Internet in some shape or form.
This access to connected devices has undoubtedly improved the way consumers interact with these every day items, but it has also exposed them to a number of unprecedented vulnerabilities.
While these types of IoT attacks can lead to significant reputational and financial damages for businesses, equally as importantly, they can also result in loss of customer trust and confidence. As can be seen from these high profile cyber-attacks, businesses must now take appropriate security measures, not just to protect their commercial operations, but also in order to protect their customers.
This increase in the use of connected devices has also led to a range of cyber security risks for enterprises themselves. As the lines between personal and work related use of these devices continue to blur, we’re seeing more cybercriminals target the personal connected devices of employees, as well as office devices, in attempts to infect entire organisations.
One of the most used types of IoT cyber security incidents is known as Distributed Denial of Service (DDoS) attacks. These are attempts to make an online service unavailable by overwhelming it with traffic from multiple comprised devices. DDoS attacks are becoming increasingly common globally. According to our latest annual Telstra Cyber Security Report, 59 per cent of Australian businesses and 43 per cent of Asian businesses have experienced a DDoS attack on at least a yearly basis.
In 2016, the website of cyber security writer and blogger, Brian Krebs, was on the receiving end of a DDoS attack that used IoT devices, including CCTV cameras, Digital Video Recorders (DVRs) and routers designed to take the site offline. We’ve also seen similar cyber attacks using devices like children’s toys and household appliances to create IoT botnets capable of inflicting significant damage.
What we’ve learnt from these high-profile DDoS attacks is that part of the reason they are so popular with cybercriminals is they’re very low cost to launch. They are also easy to access, which means that anyone from experienced cybercriminals to disgruntled customers and employees can attack any business at great ease.
The good news is that everyone can take precautions to prevent their IoT devices from being hijacked by malware and used in DDoS attacks. By purchasing these devices from reputable manufacturers that provide regular security updates, you will help your business will help protect itself against cyber security attacks. Here are some other useful ways that you can avoid DDoS attacks:
- Update administrator usernames and passwords to become strong and unique.
- Disable remote access to your devices and block/close unauthorised access using the following protocol ports but not limited to: SSH (22), Telnet (23) and HTTP/HTTPS (80/443).
- Perform updates/patching and review changes in features and settings on a regular basis for IoT as per any other computer on your network.
- Ensure staff responsible for Electronic Security and Physical Security are educated on the precautions required when purchasing and deploying security devices such as IP-enabled surveillance cameras.
Telstra Cyber Security Report 2017
Telstra commissioned Frost and Sullivan to survey 360 senior IT leaders and C-suite executives across Australia and Asia to explore the current cyber security landscape and inform businesses how to best manage and mitigate their cyber risks. To download a full copy of the 2017 Cyber Security Report, click here.