• Defending our public services from the DDoS of Things

        • It has been described by the government as ‘the second digital revolution’ and received £32m in funding to promote its benefits and development across the UK, so it’s no surprise that the Internet of Things (IoT) is high on the public-sector agenda. And it’s growing: it’s predicted that by 2020 there will be an estimated 24 billion connected IoT devices globally helping consumers and businesses to augment their ‘smart’ lives with an endless array of applications.

          While the benefits of IoT are undeniable, they do come with a government health warning: those 24 billion devices are largely unsecured and, in the hands of the unscrupulous, could represent a ‘zombie army’ waiting to receive orders from those intent on disrupting critical services. So what are the risks for public sector organisations, and what can be done to mitigate them? Ronald Sens, EMEA Director, A10 Networks, discusses the options.

          The weaponisation of IoT

          Historically DDoS attacks have often been targeted at gaming networks in attempts to punish rivals or gain a competitive edge, however, we are beginning to see more instances of attacks with political motivations.

          It’s not hard to see that disrupting critical public services such as healthcare, benefits systems, emergency services and municipal networks is a desirable target for politically motivated threat actors, or indeed conventional cybercriminals looking to hold governments to ransom. While not directly a DDoS attack, last year’s ransomware attack affecting the NHS highlighted the enormous impact that a single successful campaign can have, and the very real consequences for the lives of citizens whose medical appointments and operations were cancelled.

          Inherent vulnerability

          The vulnerability lies in the unsecured nature of commodity IoT devices. When installing their new device, how many consumers bother to change the factory default security settings? Indeed, how many consumers know there are even settings to change? Very quickly yet another potential bot joins the network. If it becomes part of a botnet, its owner is unlikely to be aware, nor is the manufacturer, so there is no incentive for either party to mitigate the situation.

          DDoS may not even be the primary objective of the attack, it can be used to mask attempts to infiltrate a network and steal personal data – of which the public sector has an abundance - or to seed malware onto the network for future attacks.

          Defence is the best form of attack

          So how can public sector organisations protect against IoT vulnerabilities? Security systems need to be able to distinguish between a genuine user and a bot, as bots become increasingly sophisticated in a bid to evade detection. Organisations also need to be prepared for multi-vector campaigns that comprise volumetric, protocol and application level attacks in a bid to confuse targets and sidestep defences. 

          Planning for scale is also key - those 24 billion IoT devices are sending more data than even before, so they need a 24 billion-strong defence. Organisations need to build scalability into their security strategies to keep pace with the developing environment.

          All of us rely on public services, and as those services increasingly start to take advantage of smart technologies to make all our lives better, they deserve the very best protection against threats from malicious actors weaponising the Internet of Things. As doctors tell us, prevention is better than cure and, when battling cyber-threats to public services, it’s vital that security is in the best possible physical shape to fight off the disease.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • Sports Direct acquires House of Fraser

          Sports Direct acquires House of Fraser

          Friday 10th Aug 2018 by clareb
          Following today’s news (Friday 10th August) that Sports Direct has purchased House of Fraser for £90m, GlobalData is urging Mike Ashley, Sports Direct’s billionaire owner,to transform House of Fraser to make it a success. ...Read More...
          Businesses must embrace the digital workplace or risk being left behind

          Businesses must embrace the digital workplace or risk being left behind

          Friday 3rd Aug 2018 by clareb
          Organisations that do not have right infrastructure in place to support flexible working will simply be outpaced by savvier competitors. This is according to M-Files, commenting on new research from Ingram Micro Cloud and Microsoft, wh...Read More...
          British workers investing in technology for pets whilst they’re at work

          British workers investing in technology for pets whilst they’re at work

          Wednesday 1st Aug 2018 by clareb
          British pets are now being entertained and fed from home while their owners are at work using the latest smart technology according to new research.  The survey of 1,007 UK adults carried out by gadgets and technology e-tailer, Laptop...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue