• Defending our public services from the DDoS of Things

        • It has been described by the government as ‘the second digital revolution’ and received £32m in funding to promote its benefits and development across the UK, so it’s no surprise that the Internet of Things (IoT) is high on the public-sector agenda. And it’s growing: it’s predicted that by 2020 there will be an estimated 24 billion connected IoT devices globally helping consumers and businesses to augment their ‘smart’ lives with an endless array of applications.

          While the benefits of IoT are undeniable, they do come with a government health warning: those 24 billion devices are largely unsecured and, in the hands of the unscrupulous, could represent a ‘zombie army’ waiting to receive orders from those intent on disrupting critical services. So what are the risks for public sector organisations, and what can be done to mitigate them? Ronald Sens, EMEA Director, A10 Networks, discusses the options.

          The weaponisation of IoT

          Historically DDoS attacks have often been targeted at gaming networks in attempts to punish rivals or gain a competitive edge, however, we are beginning to see more instances of attacks with political motivations.

          It’s not hard to see that disrupting critical public services such as healthcare, benefits systems, emergency services and municipal networks is a desirable target for politically motivated threat actors, or indeed conventional cybercriminals looking to hold governments to ransom. While not directly a DDoS attack, last year’s ransomware attack affecting the NHS highlighted the enormous impact that a single successful campaign can have, and the very real consequences for the lives of citizens whose medical appointments and operations were cancelled.

          Inherent vulnerability

          The vulnerability lies in the unsecured nature of commodity IoT devices. When installing their new device, how many consumers bother to change the factory default security settings? Indeed, how many consumers know there are even settings to change? Very quickly yet another potential bot joins the network. If it becomes part of a botnet, its owner is unlikely to be aware, nor is the manufacturer, so there is no incentive for either party to mitigate the situation.

          DDoS may not even be the primary objective of the attack, it can be used to mask attempts to infiltrate a network and steal personal data – of which the public sector has an abundance - or to seed malware onto the network for future attacks.

          Defence is the best form of attack

          So how can public sector organisations protect against IoT vulnerabilities? Security systems need to be able to distinguish between a genuine user and a bot, as bots become increasingly sophisticated in a bid to evade detection. Organisations also need to be prepared for multi-vector campaigns that comprise volumetric, protocol and application level attacks in a bid to confuse targets and sidestep defences. 

          Planning for scale is also key - those 24 billion IoT devices are sending more data than even before, so they need a 24 billion-strong defence. Organisations need to build scalability into their security strategies to keep pace with the developing environment.

          All of us rely on public services, and as those services increasingly start to take advantage of smart technologies to make all our lives better, they deserve the very best protection against threats from malicious actors weaponising the Internet of Things. As doctors tell us, prevention is better than cure and, when battling cyber-threats to public services, it’s vital that security is in the best possible physical shape to fight off the disease.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • Ergonomic furniture to improve physical and mental wellbeing

          Ergonomic furniture to improve physical and mental wellbeing

          Tuesday 16th Oct 2018 by clareb
          With Back Care Awareness Week fresh in the mind, businesses across the UK are continuing to be warned of the dangers of sitting uncomfortably in unsupportive chairs for prolonged periods.  A recent report by Digby Brown Solicitors revealed...Read More...
          Only 42% of UK workers now use a desktop computer

          Only 42% of UK workers now use a desktop computer

          Monday 15th Oct 2018 by clareb
          The once commonplace desktop PC has been relegated to Britain’s dusty workplace store room, joining relics such as the fax machine and the landline phone. The survey of 1,013 British adults carried out by gadgets and technology e-tailer,&...Read More...
          68% businesses fail to wipe the memories of IT equipment before disposal

          68% businesses fail to wipe the memories of IT equipment before disposal

          Friday 12th Oct 2018 by clareb
          Despite GDPR legislation having come into effect over four months ago, the majority of UK businesses are now risking penalties by failing to adhere to some of the rules. According to a survey of 1,002 UK workers in full or part-time employment,...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue