IoT Vulnerable to DDoS
A new report from Neustar claims that companies employing IoT devices are not as focused on their security as they should be.
- By Lindsay Stares
- May 19, 2016
It may look like alphabet soup to the uninitiated, but it's true: devices on the Internet of Things (IoT) may be especially vulnerable to distributed denial of service (DDoS) attacks.
This is according to a report released by Neustar, a provider of real-time, cloud-based information services and data analytics. Neustar recently surveyed more than a thousand directors, managers, and C-suite executives from around the world about their experiences with DDoS attacks. The respondents to the survey came from multiple sectors and many speak for highly profitable organizations, with 79 percent reporting yearly revenues of more than $100 million.
All of these managers and executives recognize that DDoS attacks are a growing problem. Of the organizations surveyed, 73 percent were attacked in 2015. Eighty-two percent of those were attacked more than once, and 45 percent were struck six or more times!
You may think of DDoS as just something that protesters use to shut down websites. At its simplest level, a DDoS attack is performed by sending so many requests -- to a website, server, or other connected device -- that the target is overwhelmed and shuts down. This makes websites impossible to reach, cripples networks, and creates openings for more damaging activity.
According to Neustar, 57 percent of all breaches in 2015 involved theft -- of money, intellectual property, or customer data -- and 45 percent installed or activated a virus or piece of malware to do further damage. Half of the organizations reporting in the study claimed that they would lose one hundred thousand dollars or more every hour if they suffered a DDoS attack at a peak time.
The hackers who commit these attacks are becoming more sophisticated, using multi-vector tactics or subverting the very encryption meant to keep an enterprise safe, thereby increasing the scope and frequency of attacks. It makes sense, then, that 76 percent of survey respondents are investing more in modern DDoS protection.
Organizations are using many different tactics -- often multiple tactics at once -- to protect their networks. The most popular type of protection reported (with 57 percent using it) is firewalls at the ISP to stop damaging traffic before it reaches the network, called black hole filtering. Using cloud services is the next most popular method, with 49 percent of respondents. Companies aren't ignoring the threat.
However, even though 63 percent of these companies are using IoT, only 34 percent say they are focused on protecting those devices.
The Internet of Things includes all manner of connected devices. Uses range from consumer products, e.g., the FitBit, to manufacturing (sensors monitoring the safety and use of factory equipment), to healthcare (connected MRIs allow for remote diagnostics). Connected cars are part of IoT, as are home security devices controlled from a smartphone.
You can already imagine the kind of destruction that could be caused by infiltration of IoT networks. From their own accounts, more than 80 percent of companies will have or deploy an IoT device by 2017. IoT is becoming part of business, and 81 percent of companies that already use IoT devices were attacked in 2015.
Even if it doesn't result in, for example, a connected vehicle losing power on the highway, a DDoS attack can be extremely damaging. Companies that use IoT report that due to breaches, 43 percent of them experienced some form of theft, and 73 percent lost customer trust or suffered other damage to their brand.
Neustar's senior vice president of IoT, Hank Skorny, added his analysis to the findings in this report. He wrote, "Every IT professional knows it can take just one successful hack on an IoT device to access and compromise an entire network. As we continue to ingrain IoT devices into our electrical grid, hospitals, assembly lines and other essential areas of life, the stakes are too high to leave security to chance. Let's get this right the first time."
It's clear from this survey that industries adopting IoT need to make security more of a priority, as the danger of these attacks is only going to grow.
An infographic with more results from the survey is available here.
Lindsay Stares is a production editor at TDWI. You can contact her at firstname.lastname@example.org.