DDOS attacks are about to get a whole lot worse thanks to the Internet of Things. But help may come from an unlikely source – the cloud.
The Internet of Things promises to do some great stuff for both our professional and personal lives. But all that enrichment comes at a pretty hefty cost, at least now, in its early days. Iโm talking, of course, about security.
Or rather, the lack thereof. Internet-connected devices are easy targets for hackers and ideal candidates for use in botnets. They often lack proper configuration, and many users fail to use strong login credentials.
That isnโt terribly surprising if you stop to think about it. The majority of IoT manufacturers have middling expertise where cybersecurity is concerned. After all, itโs not something theyโve ever needed to think about. Sure, a company that makes kitchen appliances probably has an IT department, but how great are the chances that theyโd bother to include administrators and security professionals in the manufacturing process?โ
You should already know the answer to that – somewhere between โslimโ and โnone.โ
[easy-tweet tweet=”Users still canโt be bothered to apply strong credentials to their devices” hashtags=”IoT, Data”]
That isnโt the only problem with the connected world, either. In spite of all the hacks, data breaches, and privacy leaks weโve seen over the past several years, a startling number of users still canโt be bothered to apply strong credentials to their devices. Just take a look at the top ten passwords used to hijack IoT devices, and try not to cringe at the fact that there are things like โroot,โ โ123456,โ and โpassword.โ
Someone looking to create a botnet, therefore, doesnโt even need to be particularly skilled at hacking. They just have to take the shotgun approach – slam default usernames and passwords into as many devices as they can find, and see which ones they can recruit. Theyโre more or less guaranteed to pick up at least a few.
The result of this mess? Some of the largest botnets weโve ever seen. And itโs only going to get worse from here – at least until someone steps up and holds manufacturers accountable for their security flubs.
Of course, you can already guess the problem with that. The consumer market doesnโt care about security. They care about whether or not their devices are easy to use.
And that, in turn, means that IoT vendors and manufacturers have little to no incentive to harden their devices. Even on the rare occasion that a hardware or software vendor is held liable for a breach, the regulatory fine amounts to little more than a slap on the wrist. It would be like causing a car accident and only being penalised with a $50 fine.
Until we find a way to incentivize security amongst vendors and ensure consumers donโt bumble along with default usernames and passwords, the Internet of Things will continue to represent a major security risk, even as it transforms how we work and live.
[easy-tweet tweet=”IoT isnโt going anywhere anytime soon.” hashtags=”IoT, Cloud “]
Sadly, that means that in the interim, all you can do about any of this is shore up your defences and hope you can survive whatever botnet happens to be pointed your way because IoT isnโt going anywhere anytime soon. And as you may have surmised, traditional DDOS protection may not be enough to weather the storm – at least, not of the sort anyone save for a dedicated host can afford. In this, the cloud may be the answer.
โIt looks like 2017 will see [the scale of botnets] increase even more rapidly with the abundance of insecure IoT devices and the fact that large-scale attacks have become simpler to execute,โ Duncan Stewart, Deloitte’s Director of TMT Research told Gigaom. โ The consequence may be that CDNs and local mitigations may not be able to scale readily to mitigate the impact of concurrent large-scale attacks, requiring a new approach to tackling DDoS attacks.โ
Many of the features that allow the cloud to offer competitive advantages over traditional hosting services also make it ideally suited for weathering DDOS attacks. Failover and reliability. On-demand scaling. Distributed networking.
It seems like itโs perfect, right?
Almost. See, the market…isnโt quite there yet. DDOS-as-a-Service is an excellent idea, but itโs also one thatโs still in the wings. The solution may well be to bake DDOS protection into existing cloud platform. By providing cloud-based mitigation, providers can shore up their platforms against potential attacks.
That just leaves non-cloud servers and services – which could all benefit from a bit of cloud scaling, anyway.
Tim Mullahy is the General Manager atย Liberty Center One. Liberty Center One is a new breed of data center located in Royal Oak, MI. Liberty can host any customer solution regardless of space, power, or networking/bandwidth requirements.
Comments are closed.