Risky business of IoT attacksWeaponisation is the key problem when it comes to cyber threats like DDoS and ransomware. The days when only savvy attackers were targeting large organisations are gone. Nowadays the cyber crime as a service sub-economy means that pretty much anyone can launch IoT attacks or otherwise easily and cheaply (some services even offer a “free trial”). This means that anyone can be targeted and the costs can be considerable financially and from a reputation perspective. The risks to SMEs are significant as they don’t tend to invest in the latest security technologies, and don’t have in-house teams of security experts. But there are ways in which SMEs can better protect themselves from the cyber threats and IoT attacks that are out there today.
Mitigating the threat of IoT attacks in a small businessThere are four key actions small businesses can take to protect from connected IoT attacks: (1) Implement good security hygiene across the business There is lots of freely available advisory information out there which covers things such as using strong passwords, updating and patching systems, isolating guest networks and limiting access to key infrastructure. Implementing this advice may seem like common sense, but many don’t realise the importance of it until it is too late. (2) Work with Managed Service Security Providers (MSSPs) MSSPs allows small businesses to outsource network security to alleviate the pressure of managing the risk entirely within the business. MSSPs provide small businesses with cost-effective access to both the latest technologies and skilled people, so that they can ensure the right defences are in place 24/7. (3) Educate employees Small businesses should educate and train staff on the risks that are out there, for example through online courses to help in the identification of suspicious links and communications. Employees should be made aware that it is everyone’s responsibility to protect business intellectual property and customer data – not just those in IT – and that the impact of a breach or attack would be felt across the business. (4) Avoid being a part of the problem Businesses should ensure any deployed IoT devices are updated with the latest software, that default passwords are changed, that the devices are isolated form the Internet (where possible) and that any unneeded services are disabled. In the future, IoT devices will hopefully be engineered with greater security in mind, but for now we have to limit the capability available to hackers as best we can.
Future of IoT devicesIoT devices have been actively used by attackers since 2010, but this really became mainstream in 2016. We are, unfortunately, just at the beginning of the issues we will face. Thus far we have IoT attacks through devices for DDoS and click-fraud, but it is highly likely we’ll start to see extortion and other forms of cyber crime leveraging these devices. SMEs should not be complacent when it comes to cyber security given their increasing dependence on Internet services. Implementing good cyber hygiene, educating employees on the risk and working with MSSPs are important steps when protecting a business in the world of today. Darren Anstee is chief security technologist at Arbor Networks Image: Shutterstock
Share this story