The internet has become pervasive, connecting and communicating with people as well as innumerable networked devices. The Internet of Things (IoT) is snowballing and is estimated to comprise 18 Bn connected devices by 2022. As our reliance on internet connected, intelligent devices continues to grow, one question is becoming increasingly prevalent – ‘How do we protect these billions of devices from intrusions and interference and protect the interest and privacy of all those who depend on it?’
When McKinsey conducted a study in 2015 asking respondents about their greatest concerns with regards to IoT, security topped the list even then. But it is the recent cybersecurity attacks in the US, and Europe that brought to light the vulnerabilities that come with IoT. The technology world was struck when a DDoS attached took down Dyn and impacted many websites including Reddit, Spotify, SoundCloud, etc. IoT is also fertile ground for hackers growing their botnet armies, and it is imperative to keep security a top priority at all times.
But what makes IoT devices so vulnerable?
1) By design, IoT comprises of multiple ecosystems, with sensors on one end of the spectrum and autonomous devices and vehicles on the other end of the spectrum. A single weak link or security lapse in the entire chain could compromise the security of every connected device.
2) Most IoT devices do not have a user interface, which means we don’t regularly interact with them. As a result, we are unable to diagnose them and are not forewarned when they are being targeted by hackers.
3) Typically, while all the devices in an IoT system are password protected, it is the same default password across each device allowing hackers easy access.
4) Most IoT devices do not use a firewall or any diagnostic tool.
5) Most organisations also overlook the importance of using a secure protocol such as ZigBee on-premise and aggregating feed through a secure gateway.
How can you defend your organisation against DDOS and botnet attacks?
Securing your organisation and its IoT ecosystem from botnet and DDoS attacks is critical but simple. We have put together some of the industry best practices which will help you battle security challenges:
– Use unique passwords for each device. Make sure your passwords are strong and not generic.
– Don’t overlook the importance of a good firewall and diagnostic tools. The investment will pay off in the long run.
– Regularly monitor and maintain your devices, servers and networks. Keep an eye out for red alerts and make sure your protections are in place throughout.
– Use secure protocols across the network and infrastructure
– Ensure that each device can identify itself and can securely communicate with other devices in the system.
– Implement user genuineness procedures.
– Ensure confidentiality by encrypting all data – whether it resides on physical networks, virtual environments or the cloud.
It is ideal to ward off botnet attacks at the source by investing in devices that have invested in secure product design and gateways. It is also not advisable to use devices that can be remotely upgraded or for organisations to allow for over the air updates. Such protocols often make it easier for hackers to intrude during the update process.
Keeping devices and network protected at every level is the key but it is equally critical to protect your devices at every step of the way.
