• Defending our public services from the DDoS of Things

        • It has been described by the government as ‘the second digital revolution’ and received £32m in funding to promote its benefits and development across the UK, so it’s no surprise that the Internet of Things (IoT) is high on the public-sector agenda. And it’s growing: it’s predicted that by 2020 there will be an estimated 24 billion connected IoT devices globally helping consumers and businesses to augment their ‘smart’ lives with an endless array of applications.

          While the benefits of IoT are undeniable, they do come with a government health warning: those 24 billion devices are largely unsecured and, in the hands of the unscrupulous, could represent a ‘zombie army’ waiting to receive orders from those intent on disrupting critical services. So what are the risks for public sector organisations, and what can be done to mitigate them? Ronald Sens, EMEA Director, A10 Networks, discusses the options.

          The weaponisation of IoT

          Historically DDoS attacks have often been targeted at gaming networks in attempts to punish rivals or gain a competitive edge, however, we are beginning to see more instances of attacks with political motivations.

          It’s not hard to see that disrupting critical public services such as healthcare, benefits systems, emergency services and municipal networks is a desirable target for politically motivated threat actors, or indeed conventional cybercriminals looking to hold governments to ransom. While not directly a DDoS attack, last year’s ransomware attack affecting the NHS highlighted the enormous impact that a single successful campaign can have, and the very real consequences for the lives of citizens whose medical appointments and operations were cancelled.

          Inherent vulnerability

          The vulnerability lies in the unsecured nature of commodity IoT devices. When installing their new device, how many consumers bother to change the factory default security settings? Indeed, how many consumers know there are even settings to change? Very quickly yet another potential bot joins the network. If it becomes part of a botnet, its owner is unlikely to be aware, nor is the manufacturer, so there is no incentive for either party to mitigate the situation.

          DDoS may not even be the primary objective of the attack, it can be used to mask attempts to infiltrate a network and steal personal data – of which the public sector has an abundance - or to seed malware onto the network for future attacks.

          Defence is the best form of attack

          So how can public sector organisations protect against IoT vulnerabilities? Security systems need to be able to distinguish between a genuine user and a bot, as bots become increasingly sophisticated in a bid to evade detection. Organisations also need to be prepared for multi-vector campaigns that comprise volumetric, protocol and application level attacks in a bid to confuse targets and sidestep defences. 

          Planning for scale is also key - those 24 billion IoT devices are sending more data than even before, so they need a 24 billion-strong defence. Organisations need to build scalability into their security strategies to keep pace with the developing environment.

          All of us rely on public services, and as those services increasingly start to take advantage of smart technologies to make all our lives better, they deserve the very best protection against threats from malicious actors weaponising the Internet of Things. As doctors tell us, prevention is better than cure and, when battling cyber-threats to public services, it’s vital that security is in the best possible physical shape to fight off the disease.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • 2/3 employees concerned about catching COVID-19 at work

          2/3 employees concerned about catching COVID-19 at work

          Monday 17th May 2021 by clareb
          More than two-thirds of employees (68%) are worried about contracting Coronavirus when they return to their place of work after UK restrictions ease, a new survey has found. The survey, carried out by JD Cooling Group, an independent supplier of...Read More...
          2/3 European businesses to increase IT spend in 2021

          2/3 European businesses to increase IT spend in 2021

          Tuesday 11th May 2021 by clareb
          Dynabook Europe has revealed the results of its new research report, ‘The Hybrid Shift: Managing an increasingly remote workforce’, which shows that 65 per cent of European IT decision-makers have access to increased IT budgets this year ...Read More...
          Totality Services marks World Password Day with top tips

          Totality Services marks World Password Day with top tips

          Thursday 6th May 2021 by clareb
          Since 2013, the first Thursday of May each year marks World Password Day, promoting better password habits to stay safe online. With so many people working at home due to the ongoing pandemic, often without the IT support and protection provided...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue