The Internet of Things (IoT) has gone well beyond the hype to become a reality for many businesses. And if you’re not using IoT devices yet, you soon will be. They deliver significant efficiencies and automation capabilities that offer real benefits to businesses of all sizes and in all industries.
However, in the rush to get IoT devices to market, manufacturers tend to have overlooked one key detail.
And when IoT devices get hacked, cybercriminals can go beyond simply sabotaging specific organisations. They can create massive issues including distributed denial of service (DDoS) attacks that affect the entire Internet.
In a DDoS attack, for example, a malware program called Mirai searches for IoT devices that haven’t had their factory-default usernames and passwords changed, then commandeers those devices to send junk traffic to an online target until it crashes.
An unfixable vulnerability
Simply changing the username and password on these inexpensive IoT devices won’t necessarily protect you. That’s because the machines can still be reached using Telnet and SSH, even after you change the passwords in the provided web-based administration panel. Most users can’t feasibly change the passwords for these alternate communications channels because they’re hardcoded into the devices themselves, leaving them open to savvy hackers.
This is essentially unfixable.
The European Commission is drafting new cybersecurity requirements to improve IoT device security, but there’s no news yet on whether the Australian government will follow suit.
The responsibility lies with you
It’s important not to underestimate the power of the new era of DDoS attacks. Unlike in the past, when an attack might take down a website or two, these new attacks are capable of bringing down entire sections of the Internet’s backbone for long enough to cause significant blowback. This could be a precursor of things to come, especially because the general consensus is that these attacks are likely being perpetrated by large nation states rather than individual hackers in a basement somewhere.
If your business is using or considering IoT devices and applications, then you should investigate the security capabilities of the devices you choose. It’s worth paying a little more for devices that incorporate stronger security features, or at least don’t include such gaping vulnerabilities. This will help protect your business as well as strengthen the Internet as a whole.
The added risk of the nbn
There’s no doubt that a high-speed Internet network will benefit Australian businesses, making it easier to leverage the new and emerging technologies that are set to deliver such groundbreaking efficiencies and capabilities.
But a high-speed network has a flip side. While carrying legitimate traffic faster, it also carries junk traffic faster, creating a perfect storm of attack conditions for cybercriminals. By targeting all those unsecured IoT devices via a super-fast network, cybercriminals can launch even more devastating attacks that spread like wildfire, eclipsing anything we’ve seen in the past.
How to proceed safely
It sounds scary because it is. But that doesn’t mean all is lost. You can protect your organisation and enjoy the benefits of IoT technology over the high-speed nbn network without fear as long as you take the right security precautions. Each business needs to do its part to keep the Internet secure.
If you’re not sure how to proceed, contact Aleron today. We can help you understand how your current security posture stands up to these new threats as well as provide you with the right advice to keep your business secure into the future.