• Defending our public services from the DDoS of Things

        • It has been described by the government as ‘the second digital revolution’ and received £32m in funding to promote its benefits and development across the UK, so it’s no surprise that the Internet of Things (IoT) is high on the public-sector agenda. And it’s growing: it’s predicted that by 2020 there will be an estimated 24 billion connected IoT devices globally helping consumers and businesses to augment their ‘smart’ lives with an endless array of applications.

          While the benefits of IoT are undeniable, they do come with a government health warning: those 24 billion devices are largely unsecured and, in the hands of the unscrupulous, could represent a ‘zombie army’ waiting to receive orders from those intent on disrupting critical services. So what are the risks for public sector organisations, and what can be done to mitigate them? Ronald Sens, EMEA Director, A10 Networks, discusses the options.

          The weaponisation of IoT

          Historically DDoS attacks have often been targeted at gaming networks in attempts to punish rivals or gain a competitive edge, however, we are beginning to see more instances of attacks with political motivations.

          It’s not hard to see that disrupting critical public services such as healthcare, benefits systems, emergency services and municipal networks is a desirable target for politically motivated threat actors, or indeed conventional cybercriminals looking to hold governments to ransom. While not directly a DDoS attack, last year’s ransomware attack affecting the NHS highlighted the enormous impact that a single successful campaign can have, and the very real consequences for the lives of citizens whose medical appointments and operations were cancelled.

          Inherent vulnerability

          The vulnerability lies in the unsecured nature of commodity IoT devices. When installing their new device, how many consumers bother to change the factory default security settings? Indeed, how many consumers know there are even settings to change? Very quickly yet another potential bot joins the network. If it becomes part of a botnet, its owner is unlikely to be aware, nor is the manufacturer, so there is no incentive for either party to mitigate the situation.

          DDoS may not even be the primary objective of the attack, it can be used to mask attempts to infiltrate a network and steal personal data – of which the public sector has an abundance - or to seed malware onto the network for future attacks.

          Defence is the best form of attack

          So how can public sector organisations protect against IoT vulnerabilities? Security systems need to be able to distinguish between a genuine user and a bot, as bots become increasingly sophisticated in a bid to evade detection. Organisations also need to be prepared for multi-vector campaigns that comprise volumetric, protocol and application level attacks in a bid to confuse targets and sidestep defences. 

          Planning for scale is also key - those 24 billion IoT devices are sending more data than even before, so they need a 24 billion-strong defence. Organisations need to build scalability into their security strategies to keep pace with the developing environment.

          All of us rely on public services, and as those services increasingly start to take advantage of smart technologies to make all our lives better, they deserve the very best protection against threats from malicious actors weaponising the Internet of Things. As doctors tell us, prevention is better than cure and, when battling cyber-threats to public services, it’s vital that security is in the best possible physical shape to fight off the disease.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • Open plan offices are damaging workers ability to concentrate

          Open plan offices are damaging workers ability to concentrate

          Monday 19th Feb 2018 by clareb
          The noise and distraction of open plan workplaces are preventing employees from focusing on individual tasks requiring high levels of concentration and minimum disruption, according to research from design firm, Unispace. The findings come as part o...Read More...
          Organisations need to consider print infrastructure for GDPR

          Organisations need to consider print infrastructure for GDPR

          Friday 16th Feb 2018 by clareb
          GDPR is presenting a challenge to organisations, and as such, there is much discussion around the fines for data breaches under the new regulation. But data breaches are not the only areas of concern regarding GDPR, according to Y Soft Corporati...Read More...
          Transparency makes more consumers happy with data sharing

          Transparency makes more consumers happy with data sharing

          Wednesday 14th Feb 2018 by clareb
          In 100 days the General Data Protection Regulation (GDPR) comes into force, bringing with it new laws covering how businesses collect, store and use consumer data. As businesses prepare for the new rules, almost two-thirds (61%) of consumers are alre...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue