• Defending our public services from the DDoS of Things

        • It has been described by the government as ‘the second digital revolution’ and received £32m in funding to promote its benefits and development across the UK, so it’s no surprise that the Internet of Things (IoT) is high on the public-sector agenda. And it’s growing: it’s predicted that by 2020 there will be an estimated 24 billion connected IoT devices globally helping consumers and businesses to augment their ‘smart’ lives with an endless array of applications.

          While the benefits of IoT are undeniable, they do come with a government health warning: those 24 billion devices are largely unsecured and, in the hands of the unscrupulous, could represent a ‘zombie army’ waiting to receive orders from those intent on disrupting critical services. So what are the risks for public sector organisations, and what can be done to mitigate them? Ronald Sens, EMEA Director, A10 Networks, discusses the options.

          The weaponisation of IoT

          Historically, DDoS attacks have often targeted gaming networks in attempts to punish rivals or gain a competitive edge; however, we are beginning to see more instances of attacks with political motivations.

          It’s not hard to see that critical public services such as healthcare, benefits systems, emergency services and municipal networks are a desirable target for politically motivated threat actors, or indeed conventional cybercriminals looking to hold governments to ransom. While not directly a DDoS attack, last year’s ransomware attack affecting the NHS highlighted the enormous impact that a single successful campaign can have, and the very real consequences for the lives of citizens whose medical appointments and operations were cancelled.

          Inherent vulnerability

          The vulnerability lies in the unsecured nature of commodity IoT devices. When installing their new device, how many consumers bother to change the factory default security settings? Indeed, how many consumers know there are even settings to change? Very quickly yet another potential bot joins the network. If it becomes part of a botnet, its owner is unlikely to be aware, nor is the manufacturer, so there is no incentive for either party to mitigate the situation.

          DDoS may not even be the primary objective of the attack: it can be used to mask attempts to infiltrate a network and steal personal data – of which the public sector has an abundance – or to seed malware onto the network for future attacks.

          Defence is the best form of attack

          So how can public sector organisations protect against IoT vulnerabilities? Security systems need to be able to distinguish between a genuine user and a bot, as bots become increasingly sophisticated in a bid to evade detection. Organisations also need to be prepared for multi-vector campaigns that comprise volumetric, protocol and application-level attacks in a bid to confuse targets and sidestep defences.

          Planning for scale is also key – those 24 billion IoT devices are sending more data than ever before, so they need a 24 billion-strong defence. Organisations need to build scalability into their security strategies to keep pace with the developing environment.

          All of us rely on public services, and as those services increasingly start to take advantage of smart technologies to make all our lives better, they deserve the very best protection against threats from malicious actors weaponising the Internet of Things. As doctors tell us, prevention is better than cure and, when battling cyber-threats to public services, it’s vital that security is in the best possible physical shape to fight off the disease.
