20 billion reasons why cybersecurity has to change
Nov 2, 2016
While we’ve witnessed a fresh spate of high profile cyber-attacks this year, most have played out as conventional exploits, that is, incidents that however undesirable or damaging follow a well-trodden path.
In the main, DDoS (or Distributed Denial of Service) is a common type of attack. It’s mostly not aimed at gaining access to company systems and hi-jacking sensitive or valuable data, but bringing a company to its knees by crashing the I.T. infrastructure. Once launched by the attacker, malware first targets and then infects a host of other PCs or servers and turns each compromised device (known as botnets) into remote weapons. These then flood the victim’s I.T. system with massive volumes of data which eventually overwhelm it, forcing it to shut down.
However, a recent DDoS attack was different.
The Trojan malware used caused one of the largest attacks ever seen. And what’s truly worrying is that it didn’t just capture and use powerful computers as part of the assault. Instead, it used CCTV cameras, routers and a myriad of small, insecure IP appliances. Or things. Hundreds of thousands of internet things.
Things that have embedded, factory-default settings. Things that aren’t usually supervised or maintained but are always connected. Things that don’t even know they have been converted into botnets, yet are being used to undermine other systems.
The implications are enormous.
As reported in the media recently, ‘In the last two years, the number of internet-of-things devices in the world has surged nearly 70 percent to 6.4 billion, according to Gartner, a research firm. By 2020, the firm forecasts, the internet-of-things population will reach 20.8 billion.’1
While much has been written about IoT and how smart devices in our connected world are going to transform our lives, which they certainly can, this latest attack has thrown into sharp relief the implications of using machines against machines.
I’ll be covering this subject further in a series of short blogs to provide my perspective on this threat and others. I’ll be explaining why this latest attack isn’t just a taste of things to come, it’s happening now. And why there’s a pressing need for the security industry to play its part, and soon, because there is a clear need for a new approach to securing the network. A network that doesn’t have borders, edges or walls, just a colossal number of connected ‘things’.
For more information on Juniper’s unique approach to attain a truly secure, software-defined network, please visit the newsletter, featuring independent analyst research.