Be warned, the Internet of Things (IoT) may have lots of good things going for it – but it’s also a major threat to security for UK companies.
IoT is a catch-all description of the copious different devices that are now connected to the internet, including webcams, routers, digital video recorders and microchips embedded in shipping containers. All have IP addresses which connect to the internet.
The problem is that many of these devices use very basic security so it’s easy for criminals to gain access to them and embed malicious codes that will later be used to carry out attacks on major organisations and on the internet’s infrastructure.
Cameras and digital video recorders
The recent attack on traffic-switching provider Dyn is the latest example of how deadly the threat from the Internet of Things has become.
Malicious code was planted on a number of devices without the owners being aware. Many of the devices were home routers, network-enabled cameras and digital video recorders.
The malware installed – known as “botnets”– attacked Dyn’s servers with so much junk traffic in a massive Distributed Denial of Service (DDoS) attack resulting in Dyn’s services freezing-up. A number of major companies were affected including Spotify, Twitter, Paypal and Amazon.
Dyn attack highlights threat
Gary Jowett from Computer & Network Consultants in Brighton says: “The attack on Dyn is yet another stark reminder for companies in all sectors to maintain the highest standards of network security so they can spot such malicious code when it comes knocking at their door. At the same time, you have to train staff to spot, quarantine and report any suspicious communications and to be vigilant outside of working hours too, so that their own personal devices aren’t infected because this could bring the threat dangerously close to your business.”
If your company’s firewall and protection against viruses and malware isn’t able to cope with the latest threats, then something as innocent as photos from an infected digital camera could be a back door for criminals to gain access to your network.
It only requires someone in a branch office of your estate agency or recruitment company in Worthing, Eastbourne or Haywards Heath to plug their personal camera into their company laptop to share Christmas party snaps for any malicious code hiding on the camera to get into a company’s network. This could infect your entire network and give criminals an open window to confidential records including bank information and customer data.
Dormant danger lurking
“Remember that such malicious code may lie dormant in your system for days, weeks or months before it strikes,” says Gary. “With the growing demand for devices enabled with internet access, the threat from the IoT is ever present. It’s not going away. So, it’s best to assume that an attack via IoT could affect your organisation – either by making you an unwitting player in a DDoS attack on someone else – or as the victim of such an attack.
“It’s therefore important to make sure there are sturdy contingency measures in place to minimise any possible disruption such an attack may cause and to regularly remind staff about the threat from personal devices,” says Gary.